Cannot Authenticate AzureAD native client application

1
votes

I have registered an AzureAD application which is a public client / Native Client.

I am using the standard code generated by Azure in the portal.

the important bits being

    static App()
    {
        _clientApp = PublicClientApplicationBuilder.Create(ClientId)
            .WithLogging((level, message, containsPii) =>
            {
                System.Diagnostics.Debug.WriteLine("*************************");
                System.Diagnostics.Debug.WriteLine($"{level}: {message}");
            }, LogLevel.Verbose, true, true)
            .WithAuthority($"{Instance}{Tenant}")
            .WithRedirectUri(RedirectURI)
            .Build();
        TokenCacheHelper.EnableSerialization(_clientApp.UserTokenCache);
    }

and

         authResult = await app.AcquireTokenInteractive(scopes)
                    .WithAccount(accounts.FirstOrDefault())
                    .WithParentActivityOrWindow(new WindowInteropHelper(this).Handle) // optional, used to center the browser on the window
                    .WithPrompt(Prompt.SelectAccount)
                    .ExecuteAsync();

The returned error is;

"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

Following what I for example read here and in most places in AzureAD I have changed the default type to Public client.

I am still getting the same error.

I have enabled logging and I think i have the relevant part below

Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) An authorization code was retrieved from the /authorize endpoint. Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) Exchanging the auth code for tokens Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) === InteractiveParameters Data === LoginHint provided: False User provided: False UseEmbeddedWebView: NotSpecified ExtraScopesToConsent: Prompt: select_account HasCustomWebUi: False

Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) Response status code does not indicate success: 401 (Unauthorized). Warning: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) Request retry failed. Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) HttpStatusCode: 401: Unauthorized Error: (True) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) MSAL.Desktop.4.13.0.0.MsalServiceException: ErrorCode: invalid_client Microsoft.Identity.Client.MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

It appears I am getting a authorization code but failing to get the tokens. The error being 401 (Unauthorized).

Can someone please help me to understand this?

1
azure-active-directorymsal
Not yet. I do not administer the AzureAD so have to wait for an admin to get back to me.darbid
I am getting back to this issue. I am still getting the same error message. I am honestly at a loss to know what to do.darbid
I don't think so. If you already added Mobile and desktop applications platform, there will be some delay(a few minutes). If you still have a web platform, you can delete that and try again.Tony Ju

1 Answers

1
votes

There are two steps to fix this issue.

1.Change the default client type to Public client.

2.Add Mobile and desktop applications platform

enter image description here