Authenticating towards a custom registered app with the authorization code grant flow fails with error code AADSTS7000218, while using the device authorization grant flow (-DeviceCode) is successful.
Expected behavior
If the device code flow works, the auth code flow should work as well. They are virtually the same.
Module Version
ModuleType Version PreRelease Name                           ExportedCommands
---------- ------- ---------- ----                           ----------------
Script     2.0.0              Microsoft.Graph.Authentication {Add-MgEnvironment, Connect-MgGraph, Disconnect-MgGrap…
Environment Data
PSVersion 7.3.5
PSEdition Core
GitCommitId 7.3.5
OS Microsoft Windows 10.0.19045
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Additional context
The Azure Registered App is configured as follows:
Error message:
Connect-MgGraph: InteractiveBrowserCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: REDACTED
Correlation ID: REDACTED
Timestamp: 2023-07-06 15:45:18Z
The issue in this case is with the selected platform, web (web applications that run on a server), in Azure Portal. You'll need to specify the platform as mobile and desktop applications with a redirect URI of http://localhost. Alternatively, you can modify the app's manifest in Azure Portal by changing the replyUrlsWithType from web to InstalledClient:
Hi @peombwa, I also tried that, but I have only used https://login.microsoftonline.com/common/oauth2/nativeclient as the redirect URL, not http://localhost. It was not easy finding the correct documentation about that, so thanks for pointing it out to me. We got the app working now!
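The platform distinction from the maintainer's reply, written as a check over an exported app manifest. This is an added example, not code from the issue or from the SDK; the function name `Test-MgInteractiveRedirect` and the three manifests are constructed for illustration.

```powershell
# Added example. The manifests below are constructed samples, not taken from the issue.
$samples = [ordered]@{
    'web platform'             = '{"replyUrlsWithType":[{"url":"http://localhost","type":"Web"}]}'
    'nativeclient only'        = '{"replyUrlsWithType":[{"url":"https://login.microsoftonline.com/common/oauth2/nativeclient","type":"InstalledClient"}]}'
    'mobile/desktop localhost' = '{"replyUrlsWithType":[{"url":"http://localhost","type":"InstalledClient"}]}'
}

function Test-MgInteractiveRedirect {   # hypothetical helper name
    param([Parameter(Mandatory)][string] $ManifestJson)

    # replyUrlsWithType is the manifest array named in the maintainer's reply; drop null entries.
    $entries = @(($ManifestJson | ConvertFrom-Json).replyUrlsWithType | Where-Object { $_ })

    $findings = foreach ($entry in $entries) {
        $note = switch ($entry.type) {
            'InstalledClient' { 'public client redirect: code is redeemed without a secret' }
            'Web'             { 'web redirect: token request needs client_secret or client_assertion (AADSTS7000218)' }
            default           { 'not covered by this check' }
        }
        [pscustomobject]@{ Url = $entry.url; Type = $entry.type; Note = $note }
    }

    # The fix on this page: http://localhost registered under mobile and desktop applications.
    $localhost = @($entries | Where-Object {
        $_.type -eq 'InstalledClient' -and $_.url.TrimEnd('/') -eq 'http://localhost'
    })

    [pscustomobject]@{
        HasPublicLocalhostRedirect = ($localhost.Count -gt 0)
        RedirectUris               = @($findings)
    }
}

# Run the check over each constructed manifest and print the per-URI findings.
foreach ($name in $samples.Keys) {
    $result = Test-MgInteractiveRedirect -ManifestJson $samples[$name]
    "{0}: HasPublicLocalhostRedirect={1}" -f $name, $result.HasPublicLocalhostRedirect
    $result.RedirectUris | Format-Table -AutoSize | Out-String
}
```

Only the third sample has `http://localhost` typed as `InstalledClient`, which is the configuration the reply describes.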
To Reproduce
Steps to reproduce the behavior:
1. Execute Connect-MgGraph -ClientId $clientId -TenantId $tenantId -Scopes Mail.Send.Shared
2. Authenticate interactively using the authorization code grant flow.
3. The browser shows: "Authentication complete. You can return to the application. Feel free to close this browser tab."
4. Return to the PowerShell window and find the error message (find text version below).
5. Execute Connect-MgGraph -ClientId $clientId -TenantId $tenantId -Scopes Mail.Send.Shared -Device
6. Authenticate interactively using the device authorization grant flow.
7. Return to the PowerShell window and find that authentication was successful.