[Bug] Public Client AcquireTokenInteractive errors with requirement for client_assertion or client_secret #503

Open
colinhuckstep opened this issue Sep 16, 2024 · 0 comments
Labels
bug Something isn't working public-client

colinhuckstep commented Sep 16, 2024

Which version of MSAL Go are you using?
Note that to get help, you need to run the latest version.

Where is the issue?

  • Public client
    • Device code flow
    • Username/Password (ROPC grant)
    • Authorization code flow
  • Confidential client
    • Authorization code flow
    • Client credentials:
      • client secret
      • client certificate
  • Token cache serialization
    • In-memory cache
  • Other (please describe)
    AcquireTokenInteractive

Is this a new or an existing app?
Existing application we are trying to migrate from ADFS to EntraID.

What version of Go are you using (go version)?

go version go1.23.0 windows/amd64

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
set GOHOSTARCH=amd64
set GOHOSTOS=windows

Repro

    func getSAMLTokenFromEntraID(client *http.Client) (string, error) {
        // Request the default scope of the middle-tier application.
        scopes := []string{entra.MiddletierId + "/.default"}

        // Public client: no client secret or certificate is configured.
        app, err := public.New(entra.Id, public.WithHTTPClient(client))
        if err != nil {
            log.Errorf("Error creating EntraID Login App: %v", err)
            return "", err
        }

        authTokenResult, err := app.AcquireTokenInteractive(context.Background(), scopes, public.WithTenantID(entra.TenantId))
        if err != nil {
            log.Fatalf("Error getting token: %v", err)
        }
        return authTokenResult.AccessToken, nil
    }

Expected behavior
An access token should be returned.

Actual behavior
An error is thrown:

The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

These are not valid options for a public client.

Possible solution

Additional context / logs / screenshots
FATAL: Error getting token: could not retrieve token from auth code: http call(https://login.microsoftonline.com/{{ tenant }}/oauth2/v2.0/token)(POST) error: reply status code was 401:
{"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: {{ redacted }} Correlation ID: {{ redacted }} Timestamp: 2024-09-16 17:29:30Z","error_codes":[7000218],"timestamp":"2024-09-16 17:29:30Z","trace_id":"{{ redacted }}","correlation_id":"{{ redacted }}","error_uri":"https://login.microsoftonline.com/error?code=7000218"}
