I am using an MSAL WinForms example:
    using System;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.Identity.Client;
    using Microsoft.Identity.Client.Desktop;          // WithWindowsBrokerOptions (Microsoft.Identity.Client.Desktop package)
    using Microsoft.Identity.Client.Extensions.Msal;  // MsalCacheHelper

    // _clientId, _tenantId, scopes, graphAPIEndpoint, CreateCacheHelperAsync, GetHttpContentWithToken
    // and DisplayBasicTokenInfo are defined elsewhere in the form, as in the MSAL WinForms sample.
    private IPublicClientApplication _clientApp;

    private async Task SignInAsync()
    {
        WindowsBrokerOptions brokerOptions = new WindowsBrokerOptions();
        string Instance = "https://login.microsoftonline.com/";
        _clientApp = PublicClientApplicationBuilder.Create(_clientId)
            .WithAuthority($"{Instance}{_tenantId}")
            .WithDefaultRedirectUri()
            .WithWindowsBrokerOptions(brokerOptions)
            .Build();

        // Let the cache helper handle MSAL's cache, otherwise the user will be prompted to sign in every time.
        // Awaited rather than .GetAwaiter().GetResult(): blocking on the UI thread inside an async handler can deadlock.
        MsalCacheHelper cacheHelper = await CreateCacheHelperAsync();
        cacheHelper.RegisterCache(_clientApp.UserTokenCache);

        AuthenticationResult authResult = null;
        GraphResultsTextBox.Text = string.Empty;
        AccessTokenSourceLabel.Text = string.Empty;

        // If the user signed in before, remember the account info from the cache;
        // otherwise, try with the Windows account.
        IAccount firstAccount = (await _clientApp.GetAccountsAsync()).FirstOrDefault();
        if (firstAccount == null)
        {
            firstAccount = PublicClientApplication.OperatingSystemAccount;
        }

        try
        {
            authResult = await _clientApp.AcquireTokenSilent(scopes, firstAccount)
                .ExecuteAsync();
        }
        catch (MsalUiRequiredException ex)
        {
            // A MsalUiRequiredException happened on AcquireTokenSilent.
            // This indicates you need to call AcquireTokenInteractive to acquire a token.
            System.Diagnostics.Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");
            try
            {
                authResult = await _clientApp.AcquireTokenInteractive(scopes)
                    .WithAccount(firstAccount)
                    // .WithParentActivityOrWindow(...) // optional, used to center the browser on the window
                    .WithPrompt(Prompt.SelectAccount)
                    .ExecuteAsync();
            }
            catch (MsalException msalex)
            {
                GraphResultsTextBox.Text = $"Error Acquiring Token:{Environment.NewLine}{msalex}";
            }
        }
        catch (Exception ex)
        {
            GraphResultsTextBox.Text = $"Error Acquiring Token Silently:{Environment.NewLine}{ex}";
            return;
        }

        if (authResult != null)
        {
            GraphResultsTextBox.Text = await GetHttpContentWithToken(graphAPIEndpoint, authResult.AccessToken);
            GraphResultsTextBox.Visible = true;
            DisplayBasicTokenInfo(authResult);
            this.SignOutButton.Visible = true;
        }
        SignInCallToActionLabel.Hide();
        GraphResultsPanel.Show();
    }
When I run it a browser opens and I select the correct account.
I then get the following in the browser:
Authentication complete. You can return to the application. Feel free to close this browser tab.
However, authResult is null and I get the following:
Error Acquiring Token: MSAL.NetCore.4.70.0.0.MsalServiceException: ErrorCode: invalid_client Microsoft.Identity.Client.MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
I tried enabling public flow as per numerous Google results - but that did not work.
Interestingly, it works on my Azure AD, but when I try on a production AD for another tenant it does not - yes, the IDs are all correct :)
Any ideas?
Here is my redirect config, plus http://localhost:
The error "AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'" usually occurs if the Microsoft Entra ID application is not enabled as Public.
Make sure to set Allow public client flows to "Yes":
And also make sure to configure the redirect URL under Mobile and desktop applications platform:
Also make sure that you have no other platforms configured with a redirect URL, like below:
Delete Web redirect URLs:
If any are configured, delete the other platforms and keep only the Mobile and desktop applications platform to resolve the issue.
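The same three checks the answer makes in the portal (Allow public client flows, redirect URI under Mobile and desktop applications, no Web redirect URIs) can be scripted against the app registration with the Microsoft Graph PowerShell SDK. This is an added example, not code from the question or the answer; it assumes the Microsoft.Graph.Applications module is installed, that the caller holds Application.ReadWrite.All (or owns the registration), and that $AppId is the application (client) ID the MSAL app is built with. The default $RedirectUri matches what WithDefaultRedirectUri() sends from a .NET Core desktop app.

```powershell
# Added example: inspect, and optionally fix, the registration settings behind AADSTS7000218.
# Assumptions: Microsoft.Graph.Applications module; Application.ReadWrite.All; $AppId is the client ID.
param(
    [Parameter(Mandatory = $true)][string]$AppId,
    [string]$RedirectUri = 'http://localhost',   # WithDefaultRedirectUri() on .NET Core
    [switch]$Fix
)

Connect-MgGraph -Scopes 'Application.ReadWrite.All' -NoWelcome

# Look the registration up by its application (client) ID, not its object ID.
$app = Get-MgApplication -Filter "appId eq '$AppId'"
if (-not $app) { throw "No app registration found for appId $AppId" }

# Portal setting                     -> Graph property
#  Allow public client flows          -> IsFallbackPublicClient
#  Mobile and desktop applications    -> PublicClient.RedirectUris
#  Web platform                       -> Web.RedirectUris (must be empty for a desktop app)
[pscustomobject]@{
    DisplayName            = $app.DisplayName
    AllowPublicClientFlows = $app.IsFallbackPublicClient
    DesktopRedirectUris    = $app.PublicClient.RedirectUris
    WebRedirectUris        = $app.Web.RedirectUris
    SpaRedirectUris        = $app.Spa.RedirectUris
} | Format-List

$problems = @()
if (-not $app.IsFallbackPublicClient) {
    $problems += "'Allow public client flows' is not set to Yes"
}
if ($app.PublicClient.RedirectUris -notcontains $RedirectUri) {
    $problems += "$RedirectUri is not registered under Mobile and desktop applications"
}
if (@($app.Web.RedirectUris).Count -gt 0) {
    $problems += "Web platform still has redirect URIs: $($app.Web.RedirectUris -join ', ')"
}

if ($problems.Count -eq 0) {
    Write-Host 'Registration is configured as a public desktop client.'
    return
}
$problems | ForEach-Object { Write-Warning $_ }

if ($Fix) {
    # Keep any desktop redirect URIs already present, add ours, and clear the Web platform.
    $desktopUris = @(@($app.PublicClient.RedirectUris) + $RedirectUri | Select-Object -Unique)
    Update-MgApplication -ApplicationId $app.Id `
        -IsFallbackPublicClient:$true `
        -PublicClient @{ RedirectUris = $desktopUris } `
        -Web @{ RedirectUris = @() }
    Write-Host 'Registration updated. Re-run without -Fix to verify.'
}
```

Run it once without -Fix against the tenant where sign-in fails and compare with the tenant where it works; the difference in the three fields is what the portal screenshots in the answer are showing. Note that the token endpoint treats a redirect URI registered under the Web platform as belonging to a confidential client, which is why a desktop app hitting one of those URIs is asked for client_secret or client_assertion. If the Windows broker is actually used (rather than falling back to a browser, as in the question), the registration additionally needs the broker redirect URI ms-appx-web://microsoft.aad.brokerplugin/{client_id} under Mobile and desktop applications.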