OAUTH Import Emails error re: secret value

I have followed all of the steps in the Admin guide to configure Email Configuration with OAUTH.  I can send emails fine, so I know my Azure AD setup, Client ID and Secret are all correct.

I then followed the steps for Administration | Email and Documents | OAuth 2.0 Settings for Importing Contacts and Emails. When I try and Import Emails on a Company record, I get the error messages below.  What's odd is that the error message is telling me to use the "client secret value, not the client secret ID".  So I tried entering the value but I get the same error message.

AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app 'xxxx'.
Trace ID: <xxxx>
Correlation ID: <xxxx>
Timestamp: 2022-12-05 13:19:28Z
CompactToken parsing failed with error code: 80049217
  • Note that I've since:

    1. run through the 2022 2.1 upgrade successfully

    2. deleted my cache

    3. opened an InPrivate window in Edge

    4. logged into CRM as Admin and reset the Secret for Importing Contacts and Emails

    5. I then opened an InPrivate Chrome window, logged in as my CRM user, went to Preferences and re-connected to my email account.  I then tried to import emails and also contacts – both fail with the same error.

      I've asked CRM Support for instructions with the exact steps to follow after running the upgrade beyond what I've already tried and will share whatever they come up with.  If anyone has these, please do share.  Thanks.

  • We got this working but the solution was to register a new application in Azure - we found no problems with the 1st application.  So a bit of a mystery there. 

    *** IMPORTANT POINT ***: based on repeated testing with CRM Support, both the Admin form itself and the Sys Admin documentation are wrong.  Both refer to the client Secret but should refer to the Value.  The documentation needs to be corrected in two places:

    1. Page 240 of the Admin Guide, Steps to enable import of contacts and email messages, step 2 reads: 

    In Sage CRM, go to | Administration | Email and Documents | OAuth 2.0 Settings for Importing Contacts and Emails, select Change, and enter the obtained client ID and secret.

    This last word should be value:  so enter the "value", not the "secret". 

    2. The next page, Page 241 - replace both "secret" words with "value":

    OAuth 2.0 client secret: The client secret corresponding to the OAuth 2.0 client ID.

    Again, the Admin form itself - at Administration | Email and Documents | OAuth 2.0 Settings for Importing Contacts and Emails - the field caption should display "value", not "secret".

  • I also had this problem today.  I found that deleting the secret in Azure Active Directory and creating a new one did the trick.  Once the new secret value was updated in OAuth 2.0 Settings for Importing Contacts and Emails, users were able to connect email addresses and download emails.
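
An added example (not from the thread or from Sage CRM): a small Python check that parses the AADSTS error block quoted in the first post and tells whether the text about to be pasted into the secret field is GUID-shaped like a Secret ID. It assumes the Azure portal shows the Secret ID as a GUID and the Value as a non-GUID string; the function names and sample inputs are constructed.

```python
import re

# Constructed sample: the error text quoted in the first post, placeholders kept.
SAMPLE_ERROR = (
    "AADSTS7000215: Invalid client secret provided. Ensure the secret being "
    "sent in the request is the client secret value, not the client secret ID, "
    "for a secret added to app 'xxxx'.\n"
    "Trace ID: <xxxx>\nCorrelation ID: <xxxx>\nTimestamp: 2022-12-05 13:19:28Z\n"
)
GUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")

def parse_aad_error(text):
    """Extract the error code and the IDs support asks for from an AADSTS block."""
    fields = {}
    m = re.search(r"\b(AADSTS\d+):\s*(.+)", text)
    if m:
        fields["code"], fields["message"] = m.group(1), m.group(2).strip()
    for key in ("Trace ID", "Correlation ID", "Timestamp"):
        m = re.search(rf"^{key}:\s*(.+)$", text, re.MULTILINE)
        if m:
            fields[key] = m.group(1).strip()
    return fields

def classify_secret_input(candidate):
    """Classify the pasted text by shape only; never log the text itself."""
    if not candidate.strip():
        return "empty"
    if candidate != candidate.strip():
        return "whitespace"   # stray space or newline picked up while copying
    if GUID_RE.fullmatch(candidate):
        return "secret_id"    # assumption: the portal's Secret ID column is a GUID
    return "value_candidate"

def diagnose(error_text, candidate):
    """Combine the reported error with the shape of the pasted credential."""
    code = parse_aad_error(error_text).get("code", "unknown")
    if code != "AADSTS7000215":
        return f"{code}: not the invalid-client-secret error discussed here"
    hints = {
        "empty": "Nothing was entered in the secret field.",
        "whitespace": "Remove leading or trailing whitespace and retry.",
        "secret_id": "This is GUID-shaped like a Secret ID; paste the Value instead.",
        "value_candidate": "Shape is plausible; create a new secret and enter its Value.",
    }
    return hints[classify_secret_input(candidate)]

if __name__ == "__main__":
    # Constructed GUID, not a real credential.
    print(diagnose(SAMPLE_ERROR, "11111111-2222-3333-4444-555555555555"))
```

Run it locally against the string you are about to paste; it inspects shape only and cannot confirm that a Value is still valid for the app registration.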