5
votes

I am trying to get a OneDrive access token using the following URL:

https://login.live.com/oauth20_token.srf?client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&redirect_uri=https://login.live.com/oauth20_desktop.srf&code=AUTHORIZATION_CODE&grant_type=authorization_code

but the response is as follows:

{"error":"invalid_request","error_description":"Public clients can't send a client secret."}

Can anyone explain this?

1
Are you creating a web application, mobile/desktop app, or just experimenting with the API? - Kevin Lam

1 Answer

9
votes

A "public client" is a mobile or desktop application (web services are "confidential clients"). MSA is giving you this response because you're redirecting to https://login.live.com/oauth20_desktop.srf. In this case, you should not be providing the client_secret value in the request, so your request should just look like this:

https://login.live.com/oauth20_token.srf?client_id=YOUR_CLIENT_ID&redirect_uri=https://login.live.com/oauth20_desktop.srf&code=AUTHORIZATION_CODE&grant_type=authorization_code
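The rule from the answer above, as an added Python example that is not part of the original post or of any Microsoft SDK: it builds the authorization-code token request and refuses to attach a `client_secret` when the redirect URI is the desktop one. The helper names are hypothetical, and sending the parameters in a POST form body (as OAuth 2.0, RFC 6749, specifies) instead of the query string is a choice made here; the request is built but not sent.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://login.live.com/oauth20_token.srf"
DESKTOP_REDIRECT = "https://login.live.com/oauth20_desktop.srf"


def is_public_client(redirect_uri):
    # Per the answer: redirecting to the desktop URI marks a public client.
    return redirect_uri.rstrip("/").lower() == DESKTOP_REDIRECT


def build_token_request(client_id, code, redirect_uri, client_secret=None):
    """Return an unsent POST Request for the authorization_code grant."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "grant_type": "authorization_code",
    }
    if is_public_client(redirect_uri):
        # A desktop or mobile app cannot keep a secret, so fail before sending.
        if client_secret is not None:
            raise ValueError("public client: do not send client_secret")
    elif client_secret is not None:
        # Assumption: a confidential client (web service) passes its secret here.
        params["client_secret"] = client_secret
    body = urlencode(params).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return Request(TOKEN_URL, data=body, headers=headers, method="POST")


def token_error(response_text):
    """Return (error, description) from a token response, or None if no error."""
    doc = json.loads(response_text)
    if "error" in doc:
        return doc["error"], doc.get("error_description", "")
    return None
```

Pass the returned object to `urllib.request.urlopen` to send it, then feed the response body to `token_error`.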