Context:
I have an Azure App like below.
Because this app is assigned delegated permissions, I use UsernamePasswordCredential as the auth provider. Code:
```java
import java.net.InetSocketAddress;
import java.net.Proxy;

import com.azure.core.http.HttpClient;
import com.azure.core.http.ProxyOptions;
import com.azure.core.http.netty.NettyAsyncHttpClientBuilder;
import com.azure.identity.UsernamePasswordCredential;
import com.azure.identity.UsernamePasswordCredentialBuilder;
import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
import com.microsoft.graph.httpcore.HttpClients;
import com.microsoft.graph.requests.GraphServiceClient;
import okhttp3.Authenticator;
import okhttp3.Credentials;
import okhttp3.OkHttpClient;
import okhttp3.Request;

public void getClient() throws Exception {
    final InetSocketAddress proxyAddress = new InetSocketAddress(proxyHost,
            proxyPort);

    // Setup proxy for the token credential from azure-identity
    // From the com.azure.core.http.* packages
    final ProxyOptions options = new ProxyOptions(ProxyOptions.Type.HTTP, proxyAddress);
    // If the proxy requires authentication, use setCredentials
    options.setCredentials(proxyUsername, proxyPassword);
    final HttpClient authClient = new NettyAsyncHttpClientBuilder()
            .proxy(options)
            .build();

    final UsernamePasswordCredential credential = new UsernamePasswordCredentialBuilder()
            .clientId(clientId)
            .tenantId(tenantId)
            .httpClient(authClient)
            .username(mailboxUsername)
            .password(mailboxPassword)
            .build();

    // scopes is a list of permission scope strings
    final TokenCredentialAuthProvider authProvider = new TokenCredentialAuthProvider(
            scopes, credential);

    // Setup proxy for the Graph client
    final Proxy proxy = new Proxy(Proxy.Type.HTTP, proxyAddress);

    // This object is only needed if the proxy requires authentication
    final Authenticator proxyAuthenticator = (route, response) -> {
        String credential1 = Credentials.basic(proxyUsername, proxyPassword);
        return response.request().newBuilder()
                .header("Proxy-Authorization", credential1).build();
    };

    // Omit proxyAuthenticator if no authentication required
    final OkHttpClient httpClient = HttpClients.createDefault(authProvider)
            .newBuilder()
            .proxy(proxy).proxyAuthenticator(proxyAuthenticator)
            .build();

    final GraphServiceClient<Request> graphClient = GraphServiceClient.builder()
            .httpClient(httpClient).buildClient();
    graphClient.users(mailboxUsername).messages().buildRequest().get();
}
```
Result:
```
com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: ae0dcaa5-0c09-4dc9-860d-69f6a18d2c00 Correlation ID: 32a9b65e-d4a3-4a2b-8c7b-74b071f43048 Timestamp: 2024-02-20 08:17:24Z
    at com.microsoft.aad.msal4j.MsalServiceExceptionFactory.fromHttpResponse(MsalServiceExceptionFactory.java:45) ~[msal4j-1.14.0.jar:1.14.0]
    at com.microsoft.aad.msal4j.TokenRequestExecutor.createAuthenticationResultFromOauthHttpResponse(TokenRequestExecutor.java:111) ~[msal4j-1.14.0.jar:1.14.0]
    at com.microsoft.aad.msal4j.TokenRequestExecutor.executeTokenRequest(TokenRequestExecutor.java:34) ~[msal4j-1.14.0.jar:1.14.0]
    at com.microsoft.aad.msal4j.AbstractClientApplicationBase.acquireTokenCommon(AbstractClientApplicationBase.java:129) ~[msal4j-1.14.0.jar:1.14.0]
    at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:63) ~[msal4j-1.14.0.jar:1.14.0]
    at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:69) [msal4j-1.14.0.jar:1.14.0]
    at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:18) [msal4j-1.14.0.jar:1.14.0]
    at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1604) [na:1.8.0_281]
    at java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1596) [na:1.8.0_281]
    at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289) [na:1.8.0_281]
    at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1067) [na:1.8.0_281]
    at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1703) [na:1.8.0_281]
    at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:172) [na:1.8.0_281]
2024-02-20 16:17:24.385 ERROR 23924 --- [nPool-worker-25] c.a.identity.UsernamePasswordCredential : Azure Identity => ERROR in getToken() call for scopes [https://graph.microsoft.com/.default]: Failed to acquire token with username and password. To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/usernamepasswordcredential/troubleshoot
```
If I want to add client_secret to the request body, where can I add client_secret to UsernamePasswordCredential? Or is there any other way to access the Graph API? Many thanks for your help!
Hi @Huimin ZHANG
You just need to enable public client flow for this app.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
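
A triage helper for the error in this thread, as an added example that is not part of the original posts or of any Microsoft SDK: it parses the AADSTS error text out of the exception message and ties AADSTS7000218 to the app registration's `isFallbackPublicClient` property, which is the Microsoft Graph name for the portal switch "Allow public client flows". The sample error text, GUIDs and application object are constructed, and treating that flag as the only input to the client type is a simplifying assumption.

```python
import re

# Shape of the Entra ID error text inside the MsalServiceException message.
AADSTS_RE = re.compile(
    r"(?P<code>AADSTS\d+):\s*(?P<message>.*?)\s*"
    r"Trace ID:\s*(?P<trace_id>[0-9a-fA-F-]{36})\s*"
    r"Correlation ID:\s*(?P<correlation_id>[0-9a-fA-F-]{36})\s*"
    r"Timestamp:\s*(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z)",
    re.DOTALL,
)

def parse_aadsts(text):
    """Return code, message and support identifiers from an AADSTS error, or None."""
    m = AADSTS_RE.search(text)
    return m.groupdict() if m else None

def ropc_client_type(app):
    """Simplified model (assumption): only isFallbackPublicClient decides the type.

    A missing, null or false value counts as a confidential client, which must
    send client_secret or client_assertion with the token request.
    """
    return "public" if app.get("isFallbackPublicClient") is True else "confidential"

def diagnose(error_text, app):
    """Tie an AADSTS7000218 failure to the app registration setting behind it."""
    err = parse_aadsts(error_text)
    if err is None:
        return {"matched": False}
    result = {"matched": True, "code": err["code"],
              "correlation_id": err["correlation_id"],
              "client_type": ropc_client_type(app), "patch": None}
    if err["code"] == "AADSTS7000218" and result["client_type"] == "confidential":
        # Body for PATCH /applications/{object-id} in Microsoft Graph.
        result["patch"] = {"isFallbackPublicClient": True}
    return result

# Constructed sample input: placeholder GUIDs, hypothetical application object.
SAMPLE_ERROR = (
    "com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000218: The request body "
    "must contain the following parameter: 'client_assertion' or 'client_secret'. "
    "Trace ID: 00000000-0000-0000-0000-000000000001 "
    "Correlation ID: 00000000-0000-0000-0000-000000000002 "
    "Timestamp: 2024-01-01 00:00:00Z"
)
SAMPLE_APP = {"displayName": "example-mail-reader", "isFallbackPublicClient": None}

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, SAMPLE_APP))
```

Turning the flag on lets that registration use the username/password and device code grants without a client secret, so it is best limited to the one app that needs it.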