I am testing MSAL and the ROPC flow. When I run the sample https://github.com/Azure-Samples/ms-identity-python-desktop I get an error:

```
python username_password_sample.py parameters.json
invalid_client
AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
```

I was having the same problem while following the MS documentation and using curl. Please check my other question, where the SO community helped me solve the problem. After adding the application registration secret to the curl request, I got a valid token and was able to fetch mails.
What is confusing me is the fact that the secret is not present in the parameters.json file.

zdenko.s
  • Does this answer your question? [How do I resolve the error AADSTS70002: The request body must contain the following parameter: 'client\_secret' or 'client\_assertion'](https://stackoverflow.com/questions/45609432/how-do-i-resolve-the-error-aadsts70002-the-request-body-must-contain-the-follow) – TylerH Mar 10 '22 at 17:51

1 Answer

You missed step No. 6 from this link: https://github.com/Azure-Samples/ms-identity-python-desktop/tree/master/1-Call-MsGraph-WithUsernamePassword

If the application was set as Public Client, then the secret is not required.

For more details, you can read https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc#authorization-request for reference.

Joy Wang
  • Thanks. Now I looked carefully at the text: "Required for the use of the following flows where a redirect URI is not used: Resource owner password credential". That is exactly the scenario I am using. I first tested with curl and it worked when I added client_secret to the body. It means this is not mandatory for ROPC without a redirect URL. – zdenko.s Apr 17 '20 at 15:33
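
The difference discussed in this thread, as an added example that is not part of the question, the answer, or the Azure sample: it builds the v2.0 ROPC token request body with and without `client_secret`, and maps the AADSTS7000218 response to its cause. The function names, tenant, client ID and credentials are constructed placeholders.

```python
import json
import re
from urllib.parse import urlencode, parse_qs

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_ropc_request(tenant, client_id, username, password, scopes, client_secret=None):
    """Return (url, form_body) for a v2.0 ROPC token request (hypothetical helper)."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "scope": " ".join(scopes),
        "username": username,
        "password": password,
    }
    # Only a confidential client sends a secret. A desktop app cannot keep one
    # private, which is why the sample's parameters.json carries none.
    if client_secret is not None:
        form["client_secret"] = client_secret
    return TOKEN_URL.format(tenant=tenant), urlencode(form)


def diagnose(error_body):
    """Map a token-endpoint error JSON to a short cause, keyed on the AADSTS code."""
    doc = json.loads(error_body)
    match = re.search(r"AADSTS(\d+)", doc.get("error_description", ""))
    code = match.group(1) if match else None
    if doc.get("error") == "invalid_client" and code == "7000218":
        return ("registration is not set as a public client: set it as one "
                "(step 6 of the sample README) or send client_secret")
    return "unhandled: %s" % doc.get("error")


# Constructed sample response carrying the error text from the question.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_client",
    "error_description": "AADSTS7000218: The request body must contain the "
                         "following parameter: 'client_assertion' or 'client_secret'.",
})

if __name__ == "__main__":
    url, body = build_ropc_request(
        "contoso.example", "00000000-0000-0000-0000-000000000000",
        "user@contoso.example", "placeholder-password", ["User.Read"])
    print(url)
    print(sorted(parse_qs(body)))  # no client_secret key for a public client
    print(diagnose(SAMPLE_ERROR))
```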