Entra ID OIDC Failed Auth Attempt Logs
I have an Azure Entra ID OIDC app. It's configured with a client secret for machine-to-machine auth using grant_type=client_credentials.
I would like to find logs in Azure for failed OIDC login attempts (e.g. requests to https://login.microsoftonline.com/mytenant/oauth2/token that have the wrong client_id field). Note that I want to see logs for all failed attempts to my tenant, not just logs for attempts that have valid client_id fields.
I cannot seem to find such logs for failed OIDC token attempts anywhere in the console. The Sign-In Logs doesn't show any failed attempts, nor does the Audit Logs section under Entra ID (even after I made several failed attempts myself).
Where can I find these logs?
Note: Invalid
client_idfailures do not appear in the Azure AD Sign-In Logs because these requests are often rejected at the point of client ID validation, before the system even attempts to authenticate.
- When an OAuth2 client credentials flow request is made (such as when requesting an access token via the
client_credentialsgrant type), theclient_idis the first piece of information that Azure AD checks. - If the
client_idis invalid (i.e., it doesn't match any registered application in Azure AD), Azure AD usually doesn't process the authentication request further. The request is effectively rejected before it even gets to the point of secret verification or token generation.
For sample, If the client_id is valid but the client_secret is incorrect, the request proceeds further in the authentication flow (after validating the client_id), and the failure is logged in the Sign-In Logs with an error like invalid_client_secret.
Hence Azure AD will not log invalid client_id failures explicitly, as it is considered an error that occurs before authentication actually takes place.
- The Sign-In Logs are focused on capturing authentication-related events that involve the full OAuth2 flow, including issues like invalid secrets, tokens, or grants, rather than early errors like an unrecognized
client_id
I tried to generate access token by passing the wrong client secret:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
grant_type : client_credentials
client_id : ClientID
client_secret : Secret
scope : https://graph.microsoft.com/.default
This invalid secret failure log is captured under the Sign-in logs of Service principal sign-ins:
But Now I tried to pass the invalid client ID, there is no log captured:
- Unable to connect to Azure Function App after integrating into VNET
- add-kdsrootkey error the request is not supported
- How do you use Active Directory in a "hosted solution"?
- How can I select the proper openai.api_version?
- Increase EventGrid's event size, to prevent 413 Payload Too Large
- Automation Account Importing PowerShell Module Issue
- Additional Python Files in azure Function
- CosmosDB - Can't use Dedicated Gateway with Virtual Network
- Accessing Azure Log Analytics from Portal via AMPLS
- Authorized Client Applications not working with azure-cli
- EventData having serialisation problem after migrating Azure function app from .NET 6 In Process to .NET 8 Isolated
- Access Token Issuer from Azure AD is sts.windows.net Instead Of login.microsoftonline.com
- How to make right table data for pie chart rendering?
- Azure function app (v4 / node.js) no functions found after zip deployment
- Triggering 2nd Azure Pipeline After Successful Run on 1st pipeline
- Move data from one component to the next in Azure Machine Learning
- AzureRM maintenance configuration - set to a specific day to run
- How to enable Calico network policy on the existing AKS cluster
- Anonymous blob download returns 403 Forbidden
- TLS Termination in K8S Gateway API (azure implementation) Resource?
- How to set session proxy in Azure Python SDK for NetworkManagementClient?
- Power BI report of excel data source
- Redis Data Persistence Issue in Azure Container Instance (ACI)
- External Identities - Customize Verification Code mail on signup
- Node.js/Express configuration for Azure OIDC not returning requested refresh token
- script not being recognized as function as a function app
- Consume RESTful service located On-Premises from Azure
- HTTP request to update Service Principal Entra
- Access token not working Azure AD custom policy
- Application Insights - How to sort by custom dimension