'How do I resolve the error AADSTS7000218: The request body must contain the following parameter: 'client_secret' or 'client_assertion'

This is how I have written code and trying to get the output.

The request body must contain the following parameter: client_secret or client_assertion

 static async Task<AuthenticationResult> getAccessToken()
 {
     string hardcodedUsername = "";
     string hardcodedPassword = "";
     string tenantName = "projectwidgets.com";
     string authString = "https://login.microsoftonline.com/" + tenantName;
     AuthenticationContext authenticationContext = new AuthenticationContext(authString, false);
     //Config for OAuth client credentials
     string clientId = "as";
     string key = "kk";
     string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenantName);
     var authContext = new AuthenticationContext(authority);
     AuthenticationResult result = null;
     try
     {
         result = await authContext.AcquireTokenAsync("https://pwsnapitazure.azurewebsites.net", clientId, new UserPasswordCredential(hardcodedUsername, hardcodedPassword));
     }
     catch (Exception ex)
     {
          Console.WriteLine(ex.StackTrace);
          System.Diagnostics.Debug.WriteLine(ex.Message);
     }                        
     return result;
 }
c++sharpazure-active-directory


Solution 1:[1]

As the Azure App Registration UI has changed from legacy authentication, you will need to enable an additional setting called "treat application as a public client". Under Default Client Type, set this setting to Yes:

screenshot of AAD App Registration showing "Treat application as a public client" set to "yes" under the 'Default client type' subsection of the 'Advanced Settings' section

In the Manifest also you can control this by setting:

"allowPublicClient": true

Solution 2:[2]

According to your code , that seems you are using a web app/API that uses username and password to authenticate .

we can only use the resource owner flow from a native client. A confidential client, such as a web site, cannot use direct user credentials.

You would need to invoke it as a public client (native client app), not as a confidential client (web app/API). Please refer to this document for more about how to use ADAL .NET to authenticate users via username/password .Especially the Constraints & Limitations section .

In daemon or server application , you may consider using client credential flow , but with this flow, the application presents its client credentials to the OAuth2 token issuing endpoint, and in return gets an access token that represents the application itself without any user information. Please click here for more details about client credential flow , and here are code samples.

Solution 3:[3]

While trying to access Azure resources using UsernamePasswordCredential credential we were getting the below error.

This was because Allow public client flows was disabled for the application registered in Azure AD.

Enabling it fixed the issues for us.

https://nishantrana.me/2020/12/01/fixed-aadsts7000218-the-request-body-must-contain-the-following-parameter-client_assertion-or-client_secret/

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 TylerH
Solution 2 Nan Yu
Solution 3 Meeska Mooska

Related Questions