HTTP/1.1 401 Unauthorized, Azure AD Token Access

This is one of those tricky ones. Today we were working on the service-to-service OAuth implementation using a standard recommendation specified here.

Everything worked just as expected initially, but when we formalised the application names it started to fail. Every time we requested the token from the endpoint, we were returned a 401 with the following details:

{
 "error": "invalid_client",
 "error_description": "AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.
 \r\nTrace ID: 28ba838a-1893-4cae-9665-f68cb7252fe3\r\nCorrelation ID: 
 ef40987f-1a49-436c-b956-f12295e63afe\r\nTimestamp: 2015-08-28 15:07:02Z",
 "error_codes": [ 70002, 50012 ],
 "timestamp": "2015-08-28 15:07:02Z",
 "trace_id": "28ba838a-1893-4cae-9665-f68cb7352fe3",
 "correlation_id": "ef40987f-7a42-436c-b956-f12295e63afe",
 "submit_url": null,
 "context": null
}

It turned out that the application which returns the token does not like long names (how long is not known atm). So we shortened the name and it started to work. Something to be aware of… if I manage to find the underlying reason for it, I will update this post.
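
An added example, not part of the original post: when a token request fails like this, it helps to log the AADSTS codes and the trace/correlation IDs in a structured form rather than the raw body. The function name `parse_token_error` is hypothetical and the sample body is constructed, with placeholder GUIDs, in the shape of the response shown above.

```python
import json
import re

# Constructed sample shaped like the response above; the GUIDs are placeholders.
SAMPLE_BODY = json.dumps({
    "error": "invalid_client",
    "error_description": (
        "AADSTS70002: Error validating credentials. "
        "AADSTS50012: Invalid client secret is provided.\r\n"
        "Trace ID: 00000000-0000-0000-0000-000000000001\r\n"
        "Correlation ID: 00000000-0000-0000-0000-000000000002\r\n"
        "Timestamp: 2015-08-28 15:07:02Z"),
    "error_codes": [70002, 50012],
    "trace_id": "00000000-0000-0000-0000-000000000001",
    "correlation_id": "00000000-0000-0000-0000-000000000002",
})

# "AADSTS<code>: <message>" pairs, several of which can share one line.
_AADSTS = re.compile(r"AADSTS(\d+):\s*(.*?)(?=\s*AADSTS\d+:|$)")


def parse_token_error(status, body):
    """Summarise a failed token response for logging; None if it succeeded."""
    if status < 400:
        return None
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return {"status": status, "error": "unparseable_body", "codes": {}}
    lines = (doc.get("error_description") or "").splitlines() or [""]
    codes = {int(c): m.strip() for c, m in _AADSTS.findall(lines[0])}
    # Remaining lines are "Key: value" (Trace ID, Correlation ID, Timestamp).
    fields = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower().replace(" ", "_")] = value.strip()
    for code in doc.get("error_codes") or []:
        codes.setdefault(code, "")  # code listed without a message
    return {
        "status": status,
        "error": doc.get("error"),
        "codes": codes,
        "trace_id": doc.get("trace_id") or fields.get("trace_id"),
        "correlation_id": doc.get("correlation_id") or fields.get("correlation_id"),
        "secret_rejected": 50012 in codes,
    }
```

The summary contains no credential material, so it can go to application logs as is.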