Azure – Azure AD – resolving error – Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’

Hi All,
LIFE IS BEAUTIFUL 🙂 I hope we all are safe:) STAY SAFE, STAY HEALTHY 🙂 STAY HOME 🙂
Today, a new issue and its solution 🙂
Background: We have our background jobs (using CSOM) for governing the Teams. One of our jobs is archiving the Teams. We are using Microsoft Graph REST APIs to archive the Teams. To use the Graph REST API we need an access token.
Also, for archiving the team (and making the respective SharePoint site read-only) we need to get the access token on behalf of a user. A token retrieved on behalf of the app won't work here.
The following code gets the access token from the Microsoft identity service (Azure AD) using user credentials:
```csharp
using System;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

string accessToken = string.Empty;
// Text file on the local file system: line 1 = user UPN, line 2 = password
string credentialFilePath = "Path for text file which contain credentials, saved on local file system";
string azureAppId = "My Azure App ID";
try
{
    var UserCredFilePath = System.IO.File.ReadAllLines(credentialFilePath);
    var UserUPN = UserCredFilePath[0].Trim();
    var UserPW = UserCredFilePath[1].Trim();
    string resource = "https://graph.microsoft.com";
    // Replace {TenantId} with the tenant ID
    string authority = "https://login.windows.net/{TenantId}";
    // Second argument is validateAuthority
    AuthenticationContext auth = new AuthenticationContext(authority, false);
    UserPasswordCredential userPasswordCredential = new UserPasswordCredential(UserUPN, UserPW);
    // .Result blocks and wraps any failure in System.AggregateException
    var authenticationResult = auth.AcquireTokenAsync(resource, azureAppId, userPasswordCredential).Result;
    accessToken = authenticationResult.AccessToken;
}
catch (Exception ex)
{
    //ToDo: Error Handling
}
```
We were getting an exception while executing the above code. The exception is thrown while getting the result.
Exception / Error : System.AggregateException: One or more errors occurred. —> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’
StackTrace : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: Response status code does not indicate success: 401 (Unauthorized).
at Microsoft.Identity.Core.OAuth2.OAuthClient.<GetResponseAsync>d__18`1.MoveNext() in D:\a\1\s\src\Microsoft.IdentityModel.Clients.ActiveDirectory\Core\OAuth2\OAuthClient.cs:line 66 — End of inner exception stack trace —
at Microsoft.Identity.Core.OAuth2.OAuthClient.System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<SendTokenRequestAsync>d__72.MoveNext() in D:\a\1\s\src\Microsoft.IdentityModel.Clients.ActiveDirectory\Internal\Flows\AcquireTokenHandlerBase.cs:line 333 — End of stack trace from previous location where exception was thrown
Issue: Since we had never tried getting an access token on behalf of user credentials before, this issue was a bit new for us. We googled a bit and then realized that we had missed one setting during the app registration – Default client type: Treat application as a public client. By default this setting is “No”.

Solution: The solution is very easy here: we just need to change the above option from “No” to “Yes” 🙂
But then let's discuss what this setting is. The default client type is either:
- Web
- Public client / native (mobile & desktop)
Here, in our case, our application is a background job – a desktop application – and this is the reason we need to change the setting for “Treat application as a public client” from “No” to “Yes”.
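One way to fill in the empty catch block from the code above, so that this misconfiguration is reported instead of silently leaving the access token empty. This is an added example, not the author's code: the class and method names are hypothetical, and it assumes the same ADAL package and `UserPasswordCredential` overload the post uses.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical helper: wraps the token call from the post with error handling.
static class GraphTokenHelper
{
    // Error code from the exception message shown in the post.
    const string MissingClientCredential = "AADSTS7000218";

    public static async Task<string> GetUserTokenAsync(
        string authority, string azureAppId, string userUpn, string userPw)
    {
        var auth = new AuthenticationContext(authority, false);
        var credential = new UserPasswordCredential(userUpn, userPw);
        try
        {
            // await (instead of .Result) surfaces AdalServiceException directly,
            // not wrapped in System.AggregateException.
            AuthenticationResult result = await auth.AcquireTokenAsync(
                "https://graph.microsoft.com", azureAppId, credential);
            return result.AccessToken;
        }
        catch (AdalServiceException ex)
            when (ex.Message.Contains(MissingClientCredential))
        {
            // Azure AD expected client_secret or client_assertion, which means
            // the app registration is not treated as a public client.
            throw new InvalidOperationException(
                "App registration " + azureAppId + " rejected the user-credential " +
                "token request (" + MissingClientCredential + "). Check the " +
                "\"Treat application as a public client\" setting.", ex);
        }
        catch (AdalServiceException ex)
        {
            // Log the HTTP status and OAuth error code only,
            // never the password or any token material.
            Console.Error.WriteLine(
                "Token request failed: HTTP " + ex.StatusCode + ", " + ex.ErrorCode);
            throw;
        }
    }
}
```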
Thanks for reading 🙂 If it's worth reading at least once, please like and share. SHARING IS CARING 🙂
Enjoy beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂