locked
Invalid Client Secret for App

    Question

  • I registered my new app name in the MS account Developer Center but have not yet submitted it for the store or set up payment etc. I only have the App name and the Client id, SID, and Client secret. Now when my cloud service attempts to authenticate via login.live.com (HTTPS providing client_id=ms-app://xxxx&client_secret=yyyyy&scope=notify.windows.com

    I have set "Restricut JWT Issueing" which has an explanatory note "Limits the issuing of JSON Web Tokens (JWT) for your domain to exclusively this application". I assume this is ok. I am only interested in one app at the moment anyway.

    I see no other settings in the dashboard concerning push notifications.

    I get back HTTP 400 - json "Invalid client secret". The client id seems to be ok (if I send a faked client Id I get back the message that the client id is wrong). My client secret is exactly as shown on my dashboard. Why is it being rejected?

    Secondary question, the dashboard tells me to add my Application Identity

    <Identity Name="AAAAAAAAA.BB" Publisher="CN=CCCCCCCCCCCCCC" /> into my AppManifest.xml. But my Windows Phone 8.1 runtime app doesn't have a manifest with this name and doesn't have an <identity> element.

    Thanks,

    Ciarán

    Friday, September 05, 2014 2:58 PM

Answers

  • In the end I re-created my client id. Then I was getting back an access token : OK

    Regarding associating my MSVS project with the app I just created in the dashboard - I right click on the solution and go to Store-> Associate with app in store etc.

    I consider this request closed

    • Marked as answer by ciaran_mac_hkc Monday, September 08, 2014 2:59 PM
    Monday, September 08, 2014 2:59 PM

All replies

  • Hi Ciaran,

    I have checked the document from MSDN about Push notifications with WNS, I found you might miss parameter of grant_type. I cannot see this parameter from the request you posted. Grant_type is required on access token request. You can see details from the following link. http://msdn.microsoft.com/en-us/library/windows/apps/hh465435.aspx.  

    I would recommend you go through the WNS approach from MSDN page. http://msdn.microsoft.com/en-us/library/windows/apps/hh465407.aspx.

    For your second question, I assume the dashboard asks you to associate your windows phone app with the windows store. Please refer to the middle of page to see how. http://blogs.msdn.com/b/cdnstudents/archive/2014/04/22/step-by-step-creating-a-windows-8-app-from-windows-phone-app-studio.aspx.

    Regards,


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, September 08, 2014 6:31 AM
    Moderator
  • Apologies, I should have posted the entire HTTP request:

    POST /accesstoken.srf HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: login.live.com
    Content-Length: 205

    grant_type=client_credentials&client_id=ms-app://s-1-15-2-1474090421-3290482916-4094964942-2196212180-1827066872-2343129295-268835857&client_secret=BzE2dZT0L+Fw+fxcDDmMHdOE5m++q8Cy&scope=notify.windows.com

    You can see that the grant type and scope are as recommended. I am sending this using Winsock over OpenSSL to login.live.com


    Does the client secret  need to be activated in some way? i.e. does one instance of the app need to contact WNS requesting a channel URI in order for the secret to become 'live'? Or is it sufficient that the secret be created? (So far I have only created the secret but have not associated the app with a project in MSVS windows phone 8. )
    Monday, September 08, 2014 7:27 AM
  • In the end I re-created my client id. Then I was getting back an access token : OK

    Regarding associating my MSVS project with the app I just created in the dashboard - I right click on the solution and go to Store-> Associate with app in store etc.

    I consider this request closed

    • Marked as answer by ciaran_mac_hkc Monday, September 08, 2014 2:59 PM
    Monday, September 08, 2014 2:59 PM