Microsoft identity platform and OAuth 2.0 authorization code flow (PKCE) - Error "AADSTS700025"
Trying to get access token by following the microsoft instructions.But I get an error, for that there is no answer with a solution. What am I doing wrong, what this mean in my situation? enter image description here Requests: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize *auth_code : client_id & response_type & redirect_uri & response_mode & scope & code_challenge & code_challenge_method.
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token *get access token: client_id & scope & code & redirect_uri & grant_type & code_verifier & client_secret.(Content-Type: application/x-www-form-urlencoded) redirect_uri == are the same in both cases.
In the first request it is possible to get auth_code, but when i trying to get access token with this auth_code then I get : Error "AADSTS700025" Client is public so neither 'client_assertion' nor 'client_secret' should be presented. But I use client_secret NOT client_assertion_type & client_assertion. Followed the microsoft instructions...
Reproduce the same kind of issue as you are facing (As i am using AuthCode to generate Access Token)
Solution--
Aussming you are using grant_type is client_credentials to get the access token using below API:
https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token
To get the access token you don't require the AuthCode you can get it by client credentails only. Please do the configuration as i did below picture in my Body.
- What If Session Expires While User Is Still On The Website
- Remix run: Authentication succeeds on validation failures
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Using two or more SecurityFilterChains with Spring Security 6 does not work properly, only one chain is invoked
- What is the purpose of the 'state' parameter in OAuth authorization request
- OAuth 2.0 Single Client Configuration for Web and Mobile Applications
- OAuth 2 access_token vs OpenId Connect id_token
- Spring Security - Multiple OAuth2 Identity providers (github and google) work with only one Bean with @Prirmary?
- Error in oAuth2 Google APIs - invalid_request "You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy"
- MSAL Node service & The Partner Center API
- How to change the app name for Firebase authentication (what the user sees)
- Generate token fails for Azure app which is both client and API (client credentials workflow)
- Is it okay to encrypt a 3rd party access token and refresh token, in an encrypted JWT?
- Is a Client Secret Required for Google OAuth 2.0 using the PKCE Authorization Flow? Should I Expose the Client Secret Publicly?
- What is the purpose of a "Refresh Token"?
- Pagination with oauth azure data factory
- How to use supabase google auth provider in react naive expo app
- How to bypass keycloak login page and provide client suggested idp with spring security
- Issue with Discord OAuth2 redirect_uri component
- npm install error - invalid package.json
- Google Identity Platform: Using OAuth 2.0 in Powershell using Firebase Admin SDK private key
- Can I get the company name/logo with the LinkedIn API?
- PayPal REST API credentials of another business or party
- Configuring spring-boot-starter-oauth2-client to authenticate with Azure AD
- Problems logging into coinbase api with oauth2
- Azure authentification for multiple audience using WithExtraScopesToConsent and AcquireTokenSilent
- Microsoft OAuth authorization code flow CORS
- How to authorize a request to the FCM v1 API with an access token
- Error creating bean with name 'corsConfigurationSource'
- MailKit OAuth2 SMTP Office365 Send Mail