c#.netazuremicrosoft-graph-api
MsalException: AADSTS7000218 The request body must contain the following parameter: client_assertion\u0027 or client_secret
I am following this tutorial:
and copypasted the example of my previously made App just like that:
string[] scopes = new string[] { "user.read" };
var app = PublicClientApplicationBuilder.Create("YOUR_CLIENT_ID")
.WithDefaultRedirectUri()
.Build();
var accounts = await app.GetAccountsAsync();
AuthenticationResult result;
try
{
result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
.ExecuteAsync();
}
catch (MsalUiRequiredException)
{
result = await app.AcquireTokenInteractive(scopes).ExecuteAsync();
}
However I get this error:
{
"error": "invalid_client",
"error_description": "AADSTS7000218: The request body must contain the following parameter: \u0027client_assertion\u0027 or \u0027client_secret\u0027.,
"error_codes": [
7000218
],
"error_uri": "https://login.microsoftonline.com/error?code\u003d7000218"
}
I tried, among other things, turning
Allow public client flows
On my App, but it does not work. I am confused ; I should NOT require a secret.
Here is my manifest:
{
"id": "id",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"addIns": [],
"allowPublicClient": true,
"appId": "id",
"appRoles": [],
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "Date",
"description": null,
"certification": null,
"disabledByMicrosoftStatus": null,
"groupMembershipClaims": null,
"identifierUris": [],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": [],
"knownClientApplications": [],
"logoUrl": null,
"logoutUrl": null,
"name": "mzname",
"notes": null,
"oauth2AllowIdTokenImplicitFlow": false,
"oauth2AllowImplicitFlow": false,
"oauth2Permissions": [],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"preAuthorizedApplications": [],
"publisherDomain": "domain",
"replyUrlsWithType": [
{
"url": "https://login.microsoftonline.com/common/oauth2/nativeclient",
"type": "Web"
}
],
"requiredResourceAccess": [
{
//things...
}
],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null
}
Solution
The error occurs if you add redirect URI in platform other than "Mobile & desktop applications" while using interactive flow with public client flow option enabled.
Initially, I too got same error when I added redirect URI in Web platform and tried to generate token with interactive flow:
To resolve the error, remove redirect URI from Web platform and add http://localhost under "Mobile & desktop applications" platform for interactive flows like this:
When I ran the code again after making above change, I got the access token successfully after user authentication:
using Microsoft.Identity.Client;
class Program
{
static async Task Main(string[] args)
{
string clientId = "appId";
string[] scopes = new string[] { "User.Read" };
var app = PublicClientApplicationBuilder.Create(clientId)
.WithDefaultRedirectUri()
.Build();
try
{
AuthenticationResult result = await AuthenticateAsync(app, scopes);
Console.WriteLine($"Access Token: {result.AccessToken}");
}
catch (MsalServiceException ex)
{
Console.WriteLine(ex.ResponseBody);
}
catch (Exception ex)
{
Console.WriteLine($"Error: {ex.Message}");
}
}
static async Task<AuthenticationResult> AuthenticateAsync(IPublicClientApplication app, string[] scopes)
{
var accounts = await app.GetAccountsAsync();
AuthenticationResult result;
try
{
result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault()).ExecuteAsync();
}
catch (MsalUiRequiredException)
{
result = await app.AcquireTokenInteractive(scopes).ExecuteAsync();
}
return result;
}
}
Response:
If the error still persists, try creating new application and make sure to add redirect URI as http://localhost in "Mobile & desktop applications" platform.
Reference:
- Simple frame by frame video decoder library
- GCC no longer implements <varargs.h>
- Contents of IO buffer unknown == unsafe?
- Avoiding strcpy overflow destination warning
- Sort program not working, not sure why
- Fast & accurate atan/arctan approximation algorithm
- What's the difference between strtok_r and strtok_s in C?
- How memory address for pointer to arrays is same as an element in 2D array?
- Which is the best way to suppress "unused variable" warning
- How to use ellipsis in c's case statement?
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- Fast ceiling of an integer division in C / C++
- Is there an invalid pthread_t id?
- How to Implement Universal Setter/Getter Functions for Interrupt-Driven Variables in Embedded C?
- How does SIMD (avx) processing work? for example, if I want 10 32 bit floats how do i fit in a 256 bit avx vector?
- FDCAN problems on STM32G4
- How does the call macro enable mutual recursion between functions f and g in this Hanoi Tower implementation?
- Running test on Rocket core CPU - global variable initialized to 0 is unsuccessful, output wrong value instead
- Interacting with C arrays without knowing the size
- Combination of two strings
- carriage return by fgets
- How to use special characters in C?
- Why does 1.0/100.0 == 0.1/10.0 give True?
- Is it correct to compare pointers in C?
- Force free() to return malloc memory back to OS
- How can I print to standard error in C with 'printf'?
- What is the standard behavior of fread in C on Windows?
- How is strtok removing lines it shouldn't have access to?
- Using array as smart point in C
- Assigning string to malloced 2d char array not working as intended