I am currently trying out the Microsoft Entra Device Authorization Grant Flow according to this page: Microsoft identity platform and the OAuth 2.0 device authorization grant flow. I was able to follow the instructions up to polling while the user has not authenticated yet. I was given the correct error (authorization_pending) since the user has not authenticated yet. However, once the user authenticates (via PC or mobile), requesting again returns this error:
**"error": "invalid_client", "error_description": "AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.** Trace ID…..
I was confused since the entire Device code Flow page does not mention any client secret. I tried to add the client secret to the body as the error says. It does not do anything. I also tried waiting for the interval before polling again. Nothing.
Since the user has successfully authenticated, I was expecting to get a successful authentication response (giving me access_token, refresh_token, etc…).
Did I miss anything?
0
The error usually occurs if you missed enabling the public client flows option in your app registration while using the device code flow.
Initially, I too got the same error when I tried to generate a token using the device code flow without enabling the public client flow option:
```
POST https://login.microsoftonline.com/tenantId/oauth2/v2.0/token
grant_type: urn:ietf:params:oauth:grant-type:device_code
client_id: appId
device_code: device_code
```
Response:
To resolve the error, make sure to enable the public client flow option in your app registration like this:
Now, I ran the below request to get the device code that is needed for generating the token in the next call:
```
POST https://login.microsoftonline.com/tenantId/oauth2/v2.0/devicecode
client_id: appId
scope: User.Read openid offline_access
```
Response:
When I used this device code to make the below call, I got tokens successfully like this:
```
POST https://login.microsoftonline.com/tenantId/oauth2/v2.0/token
grant_type: urn:ietf:params:oauth:grant-type:device_code
client_id: appId
device_code: device_code
```
Response:
1
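A polling client for the token request shown in the answer, added here as an example and not taken from either post. It sends no client secret, handles `authorization_pending` and the RFC 8628 `slow_down` back-off, and turns the AADSTS7000218 response from the question into a pointer at the app registration setting. The names `poll_for_token`, `http_post_form` and `DeviceFlowError`, the injectable `post`/`sleep` parameters and the default timings are assumptions of this example.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

GRANT = "urn:ietf:params:oauth:grant-type:device_code"


class DeviceFlowError(Exception):
    """Terminal failure of the device code flow."""


def http_post_form(url, form):
    """Default transport: POST a form body, return the parsed JSON (also on 4xx)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # OAuth error responses carry a JSON body too


def poll_for_token(tenant, client_id, device_code, interval=5, expires_in=900,
                   post=http_post_form, sleep=time.sleep):
    """Poll the token endpoint; interval/expires_in should come from /devicecode."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    # Public client request: no client_secret or client_assertion in the body.
    form = {"grant_type": GRANT, "client_id": client_id, "device_code": device_code}
    waited = 0
    while waited < expires_in:
        sleep(interval)
        waited += interval
        body = post(url, form)
        if "access_token" in body:
            return body
        error = body.get("error")
        if error == "authorization_pending":   # user has not finished signing in
            continue
        if error == "slow_down":               # RFC 8628: add 5 seconds and retry
            interval += 5
            continue
        if error == "invalid_client" and "AADSTS7000218" in body.get("error_description", ""):
            raise DeviceFlowError("token endpoint expects client credentials: enable the "
                                  "public client flows option in the app registration")
        raise DeviceFlowError(f"{error}: {body.get('error_description', '')}")
    raise DeviceFlowError("device code expired before the user signed in")
```
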