CREATE EXTERNAL OAUTH TOKEN USING AZURE AD - Client Secret masked

Question

I am trying Oauth steps from the snowflake community documentation, [link][1] for reference

Received below error while running the curl command part of "Section 3: Generating the JWT token used for authentication."

{"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 13b60cb5-2f1b-4131-bcfc-f1473e31e303\r\nCorrelation ID: 9eb62705-b0b7-428d-aabb-1e65702aba71\r\nTimestamp: 2021-08-08 04:43:37Z","error_codes":[7000215],"timestamp":"2021-08-08 04:43:37Z","trace_id":"13b60cb5-2f1b-4131-bcfc-f1473e31e303","correlation_id":"9eb62705-b0b7-428d-aabb-1e65702aba71","error_uri":"https://login.microsoftonline.com/error?code=7000215"}

On further analysis, found that client_secret is encrypted in Azure when compared with Step 9 from Section 2 of the link.

Image link from Azure for reference - https://i.stack.imgur.com/BE8hk.png

I am able to copy Secret Id but not Secret Value, which has to be passed with the curl command for client_secret

curl -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
--data-urlencode "client_id=<OAUTH_CLIENT_ID>" \
--data-urlencode "client_secret=<OAUTH_CLIENT_SECRET>" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "scope=<URL_FROM_AZURE_AD>/.default" \
'<AZURE_AD_OAUTH_TOKEN_ENDPOINT>'

Any suggestions please. Thanks in advance! [1]: https://community.snowflake.com/s/article/Create-External-OAuth-Token-Using-Azure-AD-For-The-OAuth-Client-Itself [2]: https://i.stack.imgur.com/BE8hk.png

Answer 1

The Client secret value has to be copied at the time of creating the Client on Azure because after that it is masked and cannot be listed for references.