microsoft-authentication-library-for-java

[Bug] PublicClientApplication acts like confidential client application

Open ShmuelCammebys opened this issue 1 year ago • 12 comments

Library version used

1.14.3

Java version

17

Scenario

PublicClient (AcquireTokenInteractive, AcquireTokenByUsernamePassword)

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

Even though my application is a public client application, and uses MSAL for iOS and Android perfectly fine, when I try connecting to the same client id on Desktop (after registering the application for desktop), it says I need a client_secret:

com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: f8ca8882-0b92-4e97-9fac-bc491d333900 Correlation ID: f43ae1e8-856f-4ef3-a259-fa58a651ab2c Timestamp: 2024-05-08 10:58:05Z

Relevant code snippets

val application = PublicClientApplication
    .builder(BuildConfig.ENTRA_CLIENT_ID)
    .authority(BuildConfig.ENTRA_AUTHORITY)
    .build()
val prefs = Preferences.userRoot()

val storedAccountId = prefs.get(Constants.ENTRA_ACCOUNT_IDENTIFIER, "")
val redirectUri = "http://localhost:55259"
val scopes = setOf("User.Read")

val authResult = application.run {
    if (storedAccountId.isNullOrBlank()) {
        acquireToken(
            InteractiveRequestParameters
                .builder(URI(redirectUri))
                .scopes(scopes)
                .build()
        )
    } else {
        acquireTokenSilently(
            SilentParameters
                .builder(
                    scopes,
                    application
                        .accounts
                        .join()
                        .find { it.tenantProfiles[storedAccountId] != null }
                )
                .build()
        )
    }
}
entraIdToken = authResult.join().idToken()

Expected behavior

Returns auth token

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

ShmuelCammebys, May 20 '24 20:05