Skip to content

invalid_client Error - All Auth Flows Broken for Bedrock #139

Closed
Closed
invalid_client Error - All Auth Flows Broken for Bedrock#139
@Futureganteng

Description

@Futureganteng
Futureganteng
opened on Oct 28, 2025

invalid_client Error - All Auth Flows Broken for Bedrock

🐛 Bug Report

Summary

All authentication flows (live, msal, sisu) are failing with invalid_client error when trying to connect to Minecraft Bedrock servers using bedrock-protocol + prismarine-auth.

Error Message

{
  "error": "invalid_client",
  "error_description": "The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908."
}

Environment

  • prismarine-auth version: 2.7.0 (latest)
  • bedrock-protocol version: 3.49.0
  • Node.js version: v22.21.0
  • Platform: Linux (Ubuntu/Debian)
  • Date: October 28, 2025

Steps to Reproduce

  1. Install dependencies:
npm install bedrock-protocol
  1. Create minimal reproduction script:
const bedrock = require('bedrock-protocol');

const client = bedrock.createClient({

host: 'play.example.com',

port: 19132,

offline: false,

flow: 'live', // Also tested: 'msal', 'sisu'

onMsaCode: (data) => {

console.log('Auth URL:', data.verification_uri);

console.log('Code:', data.user_code);

}

});

  1. Run the script:
node test.js
  1. Observe error:
Error: 400 Bad Request
{"error":"invalid_client","error_description":"..."}

Expected Behavior

  • Device code should be displayed
  • User can authenticate via browser
  • Bot connects with Xbox Live credentials

Actual Behavior

  • Error occurs before device code is generated
  • All auth flows fail with invalid_client
  • Error suggests Azure client ID is invalid/disabled

Tested Auth Flows

All flows return the same error:

Flow Status Error
live ❌ Failed invalid_client
msal ❌ Failed invalid_client
sisu ❌ Failed invalid_client

Full Error Stack

Error refreshing token Error: 400 Bad Request {
  "error":"invalid_client",
  "error_description":"The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.",
  "correlation_id":"..."
}
    at checkStatus (/node_modules/prismarine-auth/src/common/Util.js:10:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async LiveTokenManager.refreshTokens (/node_modules/prismarine-auth/src/TokenManagers/LiveTokenManager.js:49:19)
    at async LiveTokenManager.verifyTokens (/node_modules/prismarine-auth/src/TokenManagers/LiveTokenManager.js:25:9)
    at async MicrosoftAuthFlow.getMsaToken (/node_modules/prismarine-auth/src/MicrosoftAuthFlow.js:97:9)

Analysis

The error suggests Microsoft has deprecated or disabled the public Azure client IDs used by prismarine-auth for consumer accounts.

Possible causes:

  1. Microsoft changed Azure AD policies for consumer accounts
  2. Public client IDs were revoked/disabled
  3. New authentication requirements for Minecraft services
  4. Regional restrictions or changes

Workarounds Attempted

All failed:

  • ✅ Cleared all cache (rm -rf ~/.prismarine/ ./auth_tokens/)
  • ✅ Tested all auth flows (live, msal, sisu)
  • ✅ Updated to latest prismarine-auth version
  • ✅ Tested on fresh Microsoft account with Xbox profile initialized
  • ✅ Verified Xbox profile exists (can login to Minecraft Bedrock on Android)
  • None worked

Impact

This bug affects:

  • All users trying to authenticate with Xbox Live for Bedrock servers
  • Bots requiring online-mode authentication
  • Any project using bedrock-protocol with Xbox authentication

Currently, only offline mode works.

Proposed Solutions

  1. Update Azure Client IDs: Register new Azure App and update hardcoded client IDs in the library
  2. Custom Client ID Support: Allow users to provide their own Azure client ID
  3. Alternative Auth Method: Implement a different authentication flow that doesn't rely on deprecated client IDs

Additional Context

  • Issue seems recent (late 2024/early 2025)
  • Java Edition authentication (minecraft-protocol) may have similar issues
  • Microsoft's security policies have been tightening for consumer accounts

Related Issues

<!-- Link to any related issues if found -->

Is this a known issue? Any ETA on a fix?

I'm happy to help test solutions or contribute a PR if guidance is provided on the proper client ID to use.

invalid_client Error - All Auth Flows Broken for Bedrock

🐛 Bug Report

Summary

All authentication flows (live, msal, sisu) are failing with invalid_client error when trying to connect to Minecraft Bedrock servers using bedrock-protocol + prismarine-auth.

Error Message

{
  "error": "invalid_client",
  "error_description": "The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908."
}

Environment

  • prismarine-auth version: 2.7.0 (latest)
  • bedrock-protocol version: 3.49.0
  • Node.js version: v22.21.0
  • Platform: Linux (Ubuntu/Debian)
  • Date: October 28, 2025

Steps to Reproduce

  1. Install dependencies:
npm install bedrock-protocol
  1. Create minimal reproduction script:
const bedrock = require('bedrock-protocol');

const client = bedrock.createClient({

host: 'play.example.com',

port: 19132,

offline: false,

flow: 'live', // Also tested: 'msal', 'sisu'

onMsaCode: (data) => {

console.log('Auth URL:', data.verification_uri);

console.log('Code:', data.user_code);

}

});

  1. Run the script:
node test.js
  1. Observe error:
Error: 400 Bad Request
{"error":"invalid_client","error_description":"..."}

Expected Behavior

  • Device code should be displayed
  • User can authenticate via browser
  • Bot connects with Xbox Live credentials

Actual Behavior

  • Error occurs before device code is generated
  • All auth flows fail with invalid_client
  • Error suggests Azure client ID is invalid/disabled

Tested Auth Flows

All flows return the same error:

Flow Status Error
live ❌ Failed invalid_client
msal ❌ Failed invalid_client
sisu ❌ Failed invalid_client

Full Error Stack

Error refreshing token Error: 400 Bad Request {
  "error":"invalid_client",
  "error_description":"The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.",
  "correlation_id":"..."
}
    at checkStatus (/node_modules/prismarine-auth/src/common/Util.js:10:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async LiveTokenManager.refreshTokens (/node_modules/prismarine-auth/src/TokenManagers/LiveTokenManager.js:49:19)
    at async LiveTokenManager.verifyTokens (/node_modules/prismarine-auth/src/TokenManagers/LiveTokenManager.js:25:9)
    at async MicrosoftAuthFlow.getMsaToken (/node_modules/prismarine-auth/src/MicrosoftAuthFlow.js:97:9)

Analysis

The error suggests Microsoft has deprecated or disabled the public Azure client IDs used by prismarine-auth for consumer accounts.

Possible causes:

  1. Microsoft changed Azure AD policies for consumer accounts
  2. Public client IDs were revoked/disabled
  3. New authentication requirements for Minecraft services
  4. Regional restrictions or changes

Workarounds Attempted

All failed:

  • ✅ Cleared all cache (rm -rf ~/.prismarine/ ./auth_tokens/)
  • ✅ Tested all auth flows (live, msal, sisu)
  • ✅ Updated to latest prismarine-auth version
  • ✅ Tested on fresh Microsoft account with Xbox profile initialized
  • ✅ Verified Xbox profile exists (can login to Minecraft Bedrock on Android)
  • None worked

Impact

This bug affects:

  • All users trying to authenticate with Xbox Live for Bedrock servers
  • Bots requiring online-mode authentication
  • Any project using bedrock-protocol with Xbox authentication

Currently, only offline mode works.

Proposed Solutions

  1. Update Azure Client IDs: Register new Azure App and update hardcoded client IDs in the library
  2. Custom Client ID Support: Allow users to provide their own Azure client ID
  3. Alternative Auth Method: Implement a different authentication flow that doesn't rely on deprecated client IDs

Additional Context

  • Issue seems recent (late 2024/early 2025)
  • Java Edition authentication (minecraft-protocol) may have similar issues
  • Microsoft's security policies have been tightening for consumer accounts

Related Issues

<!-- Link to any related issues if found -->

Is this a known issue? Any ETA on a fix?

I'm happy to help test solutions or contribute a PR if guidance is provided on the proper client ID to use.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions