AAD - AuthenticationContext AcquireTokenAsync

  • Question

  • Hi there,

    When I attempt to log in to AAD by using the API "AuthenticationContext AcquireTokenAsync", I always run into the problem

    "

    An unexpected error occurred.
    Message: One or more errors occurred.
    Inner Exception : AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
    Trace ID: 513c12d4-ed0d-490b-acd1-6a44db091100
    Correlation ID: af41a573-65a5-40b7-b556-059279bd3d87
    Timestamp: 2019-09-18 03:38:27Z

    "

    I use the following API and method to get back a result.

    "authenticationResult = authContext.AcquireTokenAsync(resourceHostUri, clientId, uc).Result;" [uc is UserCredential]

    My question is: where is the "resourceHostUri", and where does the information come from?

    Thanks

    WILL


    Hi there, if you found my comment very helpful then please | Propose as answer | . Thanks and Regards.


    • Edited by Will .H Wednesday, September 18, 2019 3:46 AM
    Wednesday, September 18, 2019 3:42 AM

All replies

  • Hello Will .H,

    Which library are you using? It looks like you're using the ADAL library, specifically the ROPC flow. This flow is described in depth in the ADAL wiki, which can be found here: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Acquiring-tokens-with-username-and-password

    That being said, the ROPC flow is not recommended, and is only supported in ADAL .NET Framework, per the git issue here: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/482

    Specifically the error that you're getting is most likely due to the fact that your AAD Application Registration is a web app AAD App registration. You will need to register an AAD Application Registration for Desktop/native to utilize the ROPC flow since the web app flow requires a client secret or client assertion. 

    That is, to register a desktop app registration, you will need to set the redirect URI to be public client.

    -------------------------------------------------------------------------------- 

    Please remember to mark one of the responses as answer if your question has been answered. If not, please let us know if there are any more questions. Thanks

    Wednesday, September 18, 2019 8:29 PM
    Moderator
  • Please remember to mark one of the responses as answer if your question has been answered. If not, please let us know if there are any more questions. Thanks

    Friday, September 20, 2019 5:26 PM
    Moderator
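
For triage of errors like the one in this thread, the following is an added example (not code from the original posts or from ADAL) that parses the AAD error text into fields suitable for log correlation or a support ticket. The `HINTS` table and the function name are hypothetical; the hint text restates the moderator's reply.

```python
import re
from datetime import datetime, timezone

# Error text as quoted in the question above.
SAMPLE = """An unexpected error occurred.
Message: One or more errors occurred.
Inner Exception : AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: 513c12d4-ed0d-490b-acd1-6a44db091100
Correlation ID: af41a573-65a5-40b7-b556-059279bd3d87
Timestamp: 2019-09-18 03:38:27Z
"""

# Hypothetical lookup table; the single entry summarises the reply in this thread.
HINTS = {
    "AADSTS7000218": "App registration is treated as a web (confidential) client; "
                     "for the username/password flow register a Desktop/native app "
                     "with a public client redirect URI.",
}

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
CODE_RE = re.compile(r"\b(AADSTS\d+):\s*(.+)")
TRACE_RE = re.compile(rf"Trace ID:\s*({GUID})")
CORR_RE = re.compile(rf"Correlation ID:\s*({GUID})")
TS_RE = re.compile(r"Timestamp:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})Z")


def parse_aad_error(text):
    """Return the AADSTS code, message and correlation fields, or None."""
    code = CODE_RE.search(text)
    if code is None:
        return None  # no AADSTS code present: not an AAD token-service error

    def grab(rx):
        m = rx.search(text)
        return m.group(1) if m else None

    ts = grab(TS_RE)
    return {
        "code": code.group(1),
        "message": code.group(2).strip(),
        "trace_id": grab(TRACE_RE),
        "correlation_id": grab(CORR_RE),
        # The trailing "Z" in the error text means UTC.
        "timestamp": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc) if ts else None,
        "hint": HINTS.get(code.group(1)),
    }


if __name__ == "__main__":
    for key, value in parse_aad_error(SAMPLE).items():
        print(f"{key}: {value}")
```

The Trace ID, Correlation ID and Timestamp are the values to quote when matching the failure against Azure AD sign-in logs or raising it with support.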