
I am trying to generate access token for user using the API https://login.microsoftonline.com/tenantId/oauth2/token with below body parameters

client_id, grant_type(= password), resource, username and password.

For one client_id, I am able to get an access token with the above params, but for a second client_id it fails with the message "AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'". It works only when I pass the client_secret for my second app.

How should I configure/create the second AppId/client_id so that I can generate the access token without specifying client_secret?

Thanks

user9297554


I tried to reproduce the same in my environment and got the below results:

I created an Azure AD Application and generated access token via Postman by providing parameters like below and got the same error as below:

POST https://login.microsoftonline.com/tenantId/oauth2/token

client_id : xxxxxx-xxx-xxx-xxxx-xxxxxxxx
grant_type : password
resource : resource
username : ruk@********.onmicrosoft.com
password : ******


Please note that client_secret is required for the ROPC flow when the Azure AD application is not a public client.

You can create a client_secret if you do not want your Azure AD application to be a public client.

To resolve the error, enable Allow public client flows setting in your Azure AD Application like below:

Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your App -> Authentication -> Allow public client flows -> YES


I am able to get the access token successfully without client_secret like below:


Rukmini
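The following is an added example, not code from the question or the answer above. It builds the ROPC (grant_type=password) form body for the v1 token endpoint named in the question, adding client_secret only when one is supplied, and classifies the token endpoint's reply so that the AADSTS7000218 case (confidential client, secret missing) is distinguished from bad credentials. The tenant, client id, account and the sample error payload are constructed placeholders; the shape of the error body (error, error_description, error_codes) follows what Azure AD returns, but the trace values are invented. Only request_token touches the network.

```python
"""ROPC helper for the Azure AD v1 token endpoint (added example, placeholders throughout)."""
import json
import re
import urllib.error
import urllib.parse
import urllib.request

# v1 endpoint from the question; {tenant} is the tenant id or domain.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"

AADSTS_RE = re.compile(r"AADSTS(\d+)")


def build_ropc_body(client_id, resource, username, password, client_secret=None):
    """Build the form body for grant_type=password.

    client_secret is only included when given: a registration with
    "Allow public client flows" = Yes omits it, a confidential client must send it.
    """
    body = {
        "client_id": client_id,
        "grant_type": "password",
        "resource": resource,
        "username": username,
        "password": password,
    }
    if client_secret is not None:
        body["client_secret"] = client_secret
    return body


def classify_token_response(status, payload):
    """Map a token-endpoint reply to a short verdict.

    Returns "ok", "needs_client_secret", "bad_credentials" or "error".
    7000218 is the code from the question: Azure AD treats the app as a
    confidential client, so the request must carry client_secret (or
    client_assertion) unless the registration allows public client flows.
    """
    if status == 200 and "access_token" in payload:
        return "ok"
    codes = {str(c) for c in payload.get("error_codes", [])}
    match = AADSTS_RE.search(payload.get("error_description", ""))
    if match:
        codes.add(match.group(1))
    if "7000218" in codes:
        return "needs_client_secret"
    if payload.get("error") == "invalid_grant":
        return "bad_credentials"
    return "error"


def request_token(tenant, body, timeout=10):
    """POST the form body and return (status, parsed JSON). Network call; not exercised offline."""
    data = urllib.parse.urlencode(body).encode()
    req = urllib.request.Request(TOKEN_URL.format(tenant=tenant), data=data, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode(), json.loads(resp.read())
    except urllib.error.HTTPError as exc:
        return exc.code, json.loads(exc.read())


# Constructed sample of the failure from the question; values are placeholders.
SAMPLE_7000218 = {
    "error": "invalid_client",
    "error_description": "AADSTS7000218: The request body must contain the following "
                         "parameter: 'client_assertion' or 'client_secret'. Trace ID: <placeholder>",
    "error_codes": [7000218],
}


if __name__ == "__main__":
    # Offline demonstration only: show the body shape and the verdict for the sample error.
    body = build_ropc_body("<client-id-placeholder>", "<resource-placeholder>",
                           "user@contoso.example", "<password-placeholder>")
    print(sorted(body))
    print(classify_token_response(401, SAMPLE_7000218))
```

When the verdict is "needs_client_secret" the fix is the one the answer gives (set "Allow public client flows" to Yes) or to send the secret for a confidential client; note that ROPC is a legacy grant that bypasses MFA and conditional access, so keeping it limited to the registrations that truly need it is the safer configuration.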