GuzzleHttp\Exception\ClientException Client error: POST https://login.microsoftonline.com/common/oauth2/token resulted in a 401 Unauthorized response #1712

Closed
opened 2026-02-05 01:41:26 +03:00 by OVERLORD · 10 comments
Owner

Originally created by @amahmou on GitHub (May 5, 2020).

Hi,

i can t login with Microsoft AZURE ( qith MFA activated ) on my Bookstack

Steps To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Login with Microsoft AZURE'
  2. See error
    LOG :
    https://flareapp.io/share/47qVaa5W#F57
Originally created by @amahmou on GitHub (May 5, 2020). Hi, i can t login with Microsoft AZURE ( qith MFA activated ) on my Bookstack **Steps To Reproduce** Steps to reproduce the behavior: 1. Go to 'Login with Microsoft AZURE' 2. See error LOG : https://flareapp.io/share/47qVaa5W#F57
OVERLORD added the 🐕 Support🚪 Authentication labels 2026-02-05 01:41:26 +03:00
Author
Owner

@ssddanbrown commented on GitHub (Jun 30, 2020):

Hi @amahmou,
Sorry for my late reply.
In the error message, it looks like microsoft is providing the message "Invalid client secret".

Can you double check the value of the secret that you have configured in your BookStack .env file?
Does it contain any special characters or spaces?

@ssddanbrown commented on GitHub (Jun 30, 2020): Hi @amahmou, Sorry for my late reply. In the error message, it looks like microsoft is providing the message "Invalid client secret". Can you double check the value of the secret that you have configured in your BookStack `.env` file? Does it contain any special characters or spaces?
Author
Owner

@danielslyman commented on GitHub (Jul 24, 2020):

I have the same issue unfortunately, and yes, my secret do have special characters. Any way to fix this?

Thank,
Daniel

@danielslyman commented on GitHub (Jul 24, 2020): I have the same issue unfortunately, and yes, my secret do have special characters. Any way to fix this? Thank, Daniel
Author
Owner

@danielslyman commented on GitHub (Jul 24, 2020):

uzzleHttp\Exception\ClientException
Client error: POST https://login.microsoftonline.com/common/oauth2/token resulted in a 401 Unauthorized response: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 2e46836e-e (truncated...)

@danielslyman commented on GitHub (Jul 24, 2020): uzzleHttp\Exception\ClientException Client error: `POST https://login.microsoftonline.com/common/oauth2/token` resulted in a `401 Unauthorized` response: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 2e46836e-e (truncated...)
Author
Owner

@danielslyman commented on GitHub (Jul 24, 2020):

This may help:
https://stackoverflow.com/questions/41133573/microsoft-graph-rest-api-invalid-client-secret

@danielslyman commented on GitHub (Jul 24, 2020): This may help: https://stackoverflow.com/questions/41133573/microsoft-graph-rest-api-invalid-client-secret
Author
Owner

@danielslyman commented on GitHub (Jul 27, 2020):

@ssddanbrown - could you please please help? This would be perfect for our organisation but we need this integration to make it workable for us.

@danielslyman commented on GitHub (Jul 27, 2020): @ssddanbrown - could you please please help? This would be perfect for our organisation but we need this integration to make it workable for us.
Author
Owner

@ssddanbrown commented on GitHub (Jul 28, 2020):

@danielslyman Can you try wrapping the secret in quotes within the .env file? So like:

AZURE_APP_SECRET="my-secret-key"

Otherwise, can you rengerate the key in azure?

Otherwise, please can you confirm your BookStack version & confirm if you have MFA active in azure.

@ssddanbrown commented on GitHub (Jul 28, 2020): @danielslyman Can you try wrapping the secret in quotes within the `.env` file? So like: ```bash AZURE_APP_SECRET="my-secret-key" ``` Otherwise, can you rengerate the key in azure? Otherwise, please can you confirm your BookStack version & confirm if you have MFA active in azure.
Author
Owner

@danielslyman commented on GitHub (Jul 28, 2020):

I can confirm that wrapping the secret in quotes rather than brackets does the trick! Thanks so much for helping :)

It may be useful to change the hint in the .env file:

"# Replace the below (including '{}' braces) with your azure APP_ID and APP_SECRET and TENANT"

@danielslyman commented on GitHub (Jul 28, 2020): I can confirm that wrapping the secret in quotes rather than brackets does the trick! Thanks so much for helping :) It may be useful to change the hint in the .env file: "# Replace the below (including '{}' braces) with your azure APP_ID and APP_SECRET and TENANT"
Author
Owner

@danielslyman commented on GitHub (Jul 28, 2020):

Follow-up:

What would be the easiest way to hide the regular login form? Are those css classes/ids used elsewhere or can I simply do a display: none; ?

Thanks,
Daniel

@danielslyman commented on GitHub (Jul 28, 2020): Follow-up: What would be the easiest way to hide the regular login form? Are those css classes/ids used elsewhere or can I simply do a display: none; ? Thanks, Daniel
Author
Owner

@ssddanbrown commented on GitHub (Jul 28, 2020):

@danielslyman Awesome, Glad that worked. Will therefore close this off.

For the login form, you could use the action of the form itself, like so:

<style>
form[action$="/login"], form[action$="/login"] + hr {
    display: none;
}
</style>
@ssddanbrown commented on GitHub (Jul 28, 2020): @danielslyman Awesome, Glad that worked. Will therefore close this off. For the login form, you could use the action of the form itself, like so: ```html <style> form[action$="/login"], form[action$="/login"] + hr { display: none; } </style> ```
Author
Owner

@danielslyman commented on GitHub (Aug 1, 2020):

@danielslyman Awesome, Glad that worked. Will therefore close this off.

For the login form, you could use the action of the form itself, like so:

<style>
form[action$="/login"], form[action$="/login"] + hr {
    display: none;
}
</style>

I can confirm this works perfectly, should remove the confusion for staff. I also opted for the snippet below, removing the + hr to retain the line separator - looks more pleasing to me.

<style>
form[action$="/login"], form[action$="/login"] {
    display: none;
}
</style>

Thank you so much!

@danielslyman commented on GitHub (Aug 1, 2020): > @danielslyman Awesome, Glad that worked. Will therefore close this off. > > For the login form, you could use the action of the form itself, like so: > > ``` > <style> > form[action$="/login"], form[action$="/login"] + hr { > display: none; > } > </style> > ``` I can confirm this works perfectly, should remove the confusion for staff. I also opted for the snippet below, removing the + hr to retain the line separator - looks more pleasing to me. > > ``` > <style> > form[action$="/login"], form[action$="/login"] { > display: none; > } > </style> > ``` Thank you so much!
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/BookStack#1712