问题
I have registered an AzureAD application which is a public client / Native Client.
I am using the standard code generated by Azure in the portal.
the important bits being
static App()
{
_clientApp = PublicClientApplicationBuilder.Create(ClientId)
.WithLogging((level, message, containsPii) =>
{
System.Diagnostics.Debug.WriteLine("*************************");
System.Diagnostics.Debug.WriteLine($"{level}: {message}");
}, LogLevel.Verbose, true, true)
.WithAuthority($"{Instance}{Tenant}")
.WithRedirectUri(RedirectURI)
.Build();
TokenCacheHelper.EnableSerialization(_clientApp.UserTokenCache);
}
and
authResult = await app.AcquireTokenInteractive(scopes)
.WithAccount(accounts.FirstOrDefault())
.WithParentActivityOrWindow(new WindowInteropHelper(this).Handle) // optional, used to center the browser on the window
.WithPrompt(Prompt.SelectAccount)
.ExecuteAsync();
The returned error is;
"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Following what I for example read here and in most places in AzureAD I have changed the default type to Public client.
I am still getting the same error.
I have enabled logging and I think i have the relevant part below
Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) An authorization code was retrieved from the /authorize endpoint. Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) Exchanging the auth code for tokens Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) === InteractiveParameters Data === LoginHint provided: False User provided: False UseEmbeddedWebView: NotSpecified ExtraScopesToConsent: Prompt: select_account HasCustomWebUi: False
Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) Response status code does not indicate success: 401 (Unauthorized). Warning: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) Request retry failed. Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) HttpStatusCode: 401: Unauthorized Error: (True) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) MSAL.Desktop.4.13.0.0.MsalServiceException: ErrorCode: invalid_client Microsoft.Identity.Client.MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
It appears I am getting a authorization code but failing to get the tokens. The error being 401 (Unauthorized).
Can someone please help me to understand this?
回答1:
There are two steps to fix this issue.
1.Change the default client type to Public client.
2.Add Mobile and desktop applications platform
来源:https://stackoverflow.com/questions/61868140/cannot-authenticate-azuread-native-client-application