Microsoft - invalid client secret
Hi all,
I'm trying to connect to a microsoft account from a self-hosted instance of twenty (version 1.3.1) (in docker via portainer). I think I have all the settings correct in twenty and in the MS Entra admin center, however after trying to connect the 2 services, twenty is showing an error message that sync is lost and that I need to reconnect to MS.
On review of the twenty-worker log file, I noticed the following error message: AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app
I've checked the secret value, including creating a new one and adding it to the twenty environment values, without any result. I've also restarted the twenty instance to see if I could force an update of the client secret value.
Would anyone be able to provide some assistance sort this out please?
2 Replies
Hey @Guillaume, could you please have a look to this when you have some free time ?
Hi all, I have the same error. Auth using EntraID is working. But syncing shows me the same error. I would appreciate a suggestion on how to fix this.
I found the issue.
I am running the CRM via k8s, and just forgot to add the necessary secrets to the deployment-worker.
Here is the snippet from my current manifest (the blueprint also is missing it, https://github.com/twentyhq/twenty/blob/main/packages/twenty-docker/k8s/manifests/deployment-worker.yaml)
--- apiVersion: apps/v1 kind: Deployment metadata: labels: app: twentycrm-worker name: twentycrm-worker ... spec: ... template: ... spec: containers: - name: twentycrm env: ... envFrom: - secretRef: name: microsoft-authThe secret just uses the relevant variables:
--- apiVersion: v1 kind: Secret metadata: name: microsoft-auth namespace: twenty-crm stringData: AUTH_MICROSOFT_APIS_CALLBACK_URL: https://[xxxxxxxxxxxxxxxxxxx]/auth/microsoft-apis/get-access-token AUTH_MICROSOFT_CALLBACK_URL: https://[xxxxxxxxxxxxxxxxxxx]/auth/microsoft/redirect AUTH_MICROSOFT_CLIENT_ID: xxxxxxxxxxxxxxxxxxx AUTH_MICROSOFT_CLIENT_SECRET: xxxxxxxxxxxxxxxxxxx AUTH_MICROSOFT_ENABLED: true CALENDAR_PROVIDER_MICROSOFT_ENABLED: true MESSAGING_PROVIDER_MICROSOFT_ENABLED: true