Running the following PowerShell command

$tokenresponse = Get-MsalToken -ClientId $clientID -TenantId $tenantID -Interactive  -RedirectUri "http://localhost"

gives me the error:

AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

All solutions I found point in the direction that in the Azure Portal I should enable "Allow public client flows", but this setting is enabled. Any idea how I can get the token? (I would need to get a token for delegated permissions.)

Mathias R. Jessen
Matthias W

1 Answer

I know this is an old question, but my answer below might help someone in the future. I ran into this same problem today and the way to fix it was by correcting the configuration on the App Registration. The solution was quite simple. I just had to set up Authentication to the right platform: "Mobile and desktop applications", instead of Web or SPA.

To test it, get your tenant ID and application (client) ID, and pass them to the Get-MsalToken cmdlet like below. The login page should pop up, including any MFA dialogs (if MFA is configured).

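# Placeholder GUIDs: replace with your directory (tenant) ID and application (client) ID
$tenant_id = "00000000-0000-0000-0000-000000000000"
$client_id = "00000000-0000-0000-0000-000000000000"

# No client secret or certificate is passed: the app is used as a public client
$authParams = @{
     ClientId    = $client_id
     TenantId    = $tenant_id
     Interactive = $true
}

# Opens the interactive sign-in window and returns the token result
$auth = Get-MsalToken @authParams
$auth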
EduardoCMB
  • While looking for a solution to this issue, I also found the answer in this post: https://stackoverflow.com/questions/67573253/get-msaltoken-error-aadsts7000218-the-request-body-must-contain-the-following-p . But it did not work for me. – EduardoCMB Jan 27 '23 at 19:10
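
One way to check which platform the redirect URI is registered under before calling Get-MsalToken, as an added example that is not part of the original posts. The function name Test-RedirectUriPlatform and both sample objects are hypothetical; the property names follow the Microsoft Graph application resource.

```powershell
# Added example (not from the original posts). Input mirrors the Microsoft Graph
# "application" resource: web / spa / publicClient redirectUris, isFallbackPublicClient.
function Test-RedirectUriPlatform {
    param(
        [Parameter(Mandatory)] $Application,
        [string] $RedirectUri = 'http://localhost'
    )
    # Portal platform name -> redirect URIs registered under it
    $platforms = [ordered]@{
        'Web'                             = @($Application.web.redirectUris)
        'Single-page application'         = @($Application.spa.redirectUris)
        'Mobile and desktop applications' = @($Application.publicClient.redirectUris)
    }
    $found = @($platforms.Keys | Where-Object { $platforms[$_] -contains $RedirectUri })
    $verdict = if ($found.Count -eq 0) {
        'Redirect URI is not registered on any platform.'
    } elseif ($found -contains 'Web' -or $found -contains 'Single-page application') {
        'Registered under Web or SPA: move it to "Mobile and desktop applications".'
    } else {
        'Registered as a public client redirect URI; interactive sign-in needs no secret.'
    }
    [pscustomobject]@{
        RedirectUri            = $RedirectUri
        RegisteredUnder        = $found -join ', '
        AllowPublicClientFlows = [bool]$Application.isFallbackPublicClient
        Verdict                = $verdict
    }
}

# Constructed sample: "Allow public client flows" enabled, but the URI sits under Web.
$before = [pscustomobject]@{
    isFallbackPublicClient = $true
    web          = [pscustomobject]@{ redirectUris = @('http://localhost') }
    spa          = [pscustomobject]@{ redirectUris = @() }
    publicClient = [pscustomobject]@{ redirectUris = @() }
}
# Constructed sample: the same registration after the fix described in the answer.
$after = [pscustomobject]@{
    isFallbackPublicClient = $true
    web          = [pscustomobject]@{ redirectUris = @() }
    spa          = [pscustomobject]@{ redirectUris = @() }
    publicClient = [pscustomobject]@{ redirectUris = @('http://localhost') }
}
Test-RedirectUriPlatform -Application $before
Test-RedirectUriPlatform -Application $after
# Live data (requires the Microsoft.Graph.Applications module):
#   Connect-MgGraph -Scopes 'Application.Read.All'
#   Test-RedirectUriPlatform (Get-MgApplication -Filter "appId eq '<client-id>'")
```

The first sample shows why enabling "Allow public client flows" alone does not help: the setting is reported as enabled while the redirect URI is still listed under Web.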