Azure Synapse pipeline fails with 'invalid_client_id' despite successful test connection

MURAS Miro 21 Reputation points
2025-08-28T13:49:46.2566667+00:00

I'm encountering a frustrating issue with my Azure Synapse pipeline. My pipeline fails with an 'invalid_client_id' error when a copy activity attempts to write to a Salesforce sink using Client ID/Secrets during Azure Synapse Salesforce Cloud System parameters in the Linked Service connector. The strange part is that the linked service's test connection is consistently successful, which suggests the Client ID and Client Secret are correct.

Error Details (JSON):

{

"errorCode": "2200", "message": "Failure happened on 'Sink' side. ErrorCode=SalesforceOAuth2ClientCredentialFailure,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Unable to establish connection to the Salesforce environment using provided client id and client secret, please verify the details. Error message: {\"error\":\"invalid_client_id\",\"error_description\":\"client identifier invalid\"},Source=Microsoft.Connectors.Salesforce,'", "activityId": "83646344-a84f-XXXXXXXXXX"

}

Configuration Azure Synapse Linked Service:

Configured to use OAuth 2.0 Client Credentials Flow.

Salesforce Connected App:

OAuth Scopes: api and refresh_token, offline_access are selected.

IP Relaxation: Set to Relax IP Restrictions.

Run As User: The user assigned has the API Enabled permission.

Troubleshooting Steps Performed

Verified Credentials: Re-copied and pasted the Consumer Key (Client ID) and Consumer Secret (Client Secret) from Salesforce to Azure Synapse.

API Only User: Confirmed a user with the "API Only User" permission is selected in the Connected App's Run As field for the OAuth Client Credentials Flow.

Managed Identity: Verified that the 'API Only' Salesforce user is properly added to the Azure Managed Identity.

Test Connection: The linked service's test connection consistently returns a successful result, indicating that the credentials are valid for the test endpoint; however, they are failing during the pipeline's runtime execution.

The Question:

Given that the error message is specific to the client identifier and the test connection works, I'm at a loss to understand what could be different between the test and the runtime execution.

Any guidance would be greatly appreciated. Thank you!

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Vinodh247 37,216 Reputation points MVP Volunteer Moderator
    2025-08-28T16:30:57.2066667+00:00

    This might happen because the test conn and runtime execution use different contexts.

    Check these first:

    Ensure the Linked Service domain URL matches your Salesforce environment (login, test, or custom domain).

    Verify the integration runtime used at runtime has access and uses the same credentials.

    Confirm the Connected App allows client credentials flow with correct scopes (api, maybe full), and regenerate the secret if needed.

    If using Managed Identity, ensure it is correctly mapped during runtime.

    Most often, the mismatch is the Salesforce URL or different runtime authentication path.

    Fix to try:

    1. Check your Salesforce domain
      • Use https://login.salesforce.com for production.
      • Use https://test.salesforce.com for sandbox.
      • Use custom domain URL if your org enforces it.
    2. Recreate and update credentials
      • Regenerate the Consumer Secret in Salesforce.
      • Update the Linked Service with the new Client ID and Secret.
    3. Validate Integration Runtime
      • Make sure the pipeline runs on the same IR as the test connection.
      • If using Managed Identity, confirm proper permissions are assigned.
    4. Test outside Synapse
      • Use Postman with the same credentials to confirm token retrieval works.
    5. Rerun the pipeline
      • Debug run with detailed logging to confirm token generation is successful.

    Please 'Upvote'(Thumbs-up) and 'Accept' as answer if the reply was helpful. This will be benefitting other community members who face the same issue.

    0 comments No comments

  2. MURAS Miro 21 Reputation points
    2025-08-28T17:27:38.7833333+00:00

    I was facing a versioning issue with the Salesforce connector in Azure Synapse. I resolved the problem by updating the Linked Service to use a different version of the connector, which re-established a stable and compatible data connection.image


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.