Low severityauthentication
Power BI Error:
AADSTS90112
What does this error mean?
The client_id passed to Azure AD / Entra ID is not a valid GUID, so the authorization endpoint rejects the request before sign-in.
Common causes
- 1The `client_id` parameter contains the application's display name or App ID URI instead of the Application (client) ID GUID from the app registration overview.
- 2A placeholder value (e.g. `<your-client-id>`, `YOUR_APP_ID`) was left in a config file, environment variable, or connection string and never replaced.
- 3The client_id was truncated, URL-encoded, or wrapped in quotes/whitespace during copy-paste, breaking the GUID format.
- 4A custom Power BI / ADF / Fabric connector or service principal flow is reading the wrong field from Key Vault or app settings (e.g. Object ID or Tenant ID instead of Application ID).
- 5An on-behalf-of or token exchange call passes an upstream resource identifier in the client_id slot.
How to fix it
- 1Open the Microsoft Entra admin center → App registrations → your app, and copy the exact value from the **Application (client) ID** field on the Overview blade — this is the GUID that must be sent.
- 2Inspect the failing request: in browser DevTools (Network → the `/oauth2/v2.0/authorize` or `/token` call) or Fiddler, confirm the `client_id` query/body parameter is a 36-char GUID with hyphens and no quotes, brackets, or whitespace.
- 3Replace the bad value in the source of truth — Power BI custom connector parameters, ADF linked service JSON, Fabric data pipeline, Databricks secret scope, or the app's environment variables / Key Vault secret — and redeploy or refresh the credential.
- 4Do NOT confuse Application (client) ID with Object ID, Directory (tenant) ID, or the App ID URI (`api://...`) — only the Application (client) ID GUID belongs in `client_id`.
- 5If the client_id looks correct, decode any URL-encoding and check for hidden characters (zero-width spaces, smart quotes) introduced by copy-pasting from docs or chat tools.