Azure – Azure AD – resolving error – Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’


Hi All,

LIFE IS BEAUTIFUL 🙂 I hope we all are safe:) STAY SAFE, STAY HEALTHY 🙂 STAY HOME 🙂

Today, a new issue and its solution 🙂

Background: We have our background jobs (using CSOM) for governing the Teams. One of our jobs is archiving the Teams. We are using Microsoft Graph REST APIs to archive the Teams. To use the Graph REST API we need an access token.

Also, for archiving the team (and making the respective SharePoint site read-only) we need to get the access token on behalf of a user. A token retrieved on behalf of the app won't work here.

Following is the code to get the Access Token from Microsoft Identity Service (Azure AD) using user credentials as

We were getting an exception while executing the above code. The exception is thrown while getting the result.

Exception / Error :  System.AggregateException: One or more errors occurred. —> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’

StackTrace : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: Response status code does not indicate success: 401 (Unauthorized).

  at Microsoft.Identity.Core.OAuth2.OAuthClient.<GetResponseAsync>d__18`1.MoveNext() in D:\a\1\s\src\Microsoft.IdentityModel.Clients.ActiveDirectory\Core\OAuth2\OAuthClient.cs:line 66
  — End of inner exception stack trace —
  at Microsoft.Identity.Core.OAuth2.OAuthClient.System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<SendTokenRequestAsync>d__72.MoveNext() in D:\a\1\s\src\Microsoft.IdentityModel.Clients.ActiveDirectory\Internal\Flows\AcquireTokenHandlerBase.cs:line 333
  — End of stack trace from previous location where exception was thrown

Issue: Since we had never before tried getting an access token on behalf of user credentials, this issue was a bit new for us. We googled a bit and then realized that we had missed one setting during the App registration – Default client type: Treat application as a public client. By default this setting is “No”, as shown here:

Fig1: Azure – Azure App Registration – Default setting for – Default client type

Solution: The solution is very easy here, we just need to change the above option from “No” to “Yes” 🙂

But then let's discuss what this setting is. The default client type is either:

  • Web
  • Public client / native (mobile & desktop)

Here, in our case, our application is a background job (a desktop application), and this is the reason we need to change the setting for “Treat application as a public client” from “No” to “Yes”.
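As an added example (not the code from this post), the Python sketch below recognizes the AADSTS7000218 error body and relates it to `isFallbackPublicClient`, the Microsoft Graph application property behind the “Treat application as a public client” toggle. It also lists the apps that have the toggle enabled so they can be tracked. The sample error body, the application objects and the function names are constructed for illustration.

```python
import json
import re

# Constructed token-endpoint error body, shaped like the error in this post.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_client",
    "error_description": "AADSTS7000218: The request body must contain the "
                         "following parameter: 'client_assertion' or 'client_secret'.",
    "error_codes": [7000218],
})

# Constructed application objects, as exported from Microsoft Graph /applications.
SAMPLE_APPS = [
    {"displayName": "teams-archive-job", "isFallbackPublicClient": None,
     "passwordCredentials": []},
    {"displayName": "legacy-desktop-sync", "isFallbackPublicClient": True,
     "passwordCredentials": [{"displayName": "old-secret"}]},
]

def aadsts_codes(error_body):
    """Collect AADSTS codes from error_codes and from the description text."""
    doc = json.loads(error_body)
    codes = {int(c) for c in doc.get("error_codes", [])}
    codes |= {int(m) for m in re.findall(r"AADSTS(\d+)", doc.get("error_description", ""))}
    return codes

def diagnose(error_body, app):
    """Relate AADSTS7000218 to the app's public-client setting."""
    if 7000218 not in aadsts_codes(error_body):
        return "not-7000218"
    if app.get("isFallbackPublicClient") is True:
        return "flag-enabled-look-elsewhere"
    # Flag is false or null: Azure AD treats the app as confidential and
    # expects client_secret or client_assertion in the token request.
    return "public-client-flows-disabled"

def enabled_public_clients(apps):
    """List apps with the toggle on; True marks ones that also hold secrets."""
    return [(a["displayName"], bool(a.get("passwordCredentials")))
            for a in apps if a.get("isFallbackPublicClient") is True]

if __name__ == "__main__":
    for app in SAMPLE_APPS:
        print(app["displayName"], diagnose(SAMPLE_ERROR, app))
    print(enabled_public_clients(SAMPLE_APPS))
```

Flagging apps that have the toggle on and still hold client secrets is a review heuristic assumed here, not something Azure AD enforces.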

Thanks for reading 🙂 If it's worth at least reading once, kindly please like and share. SHARING IS CARING 🙂

Enjoy beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂
