Hi @Kevin Frey
Based on the information you've shared, it appears you're trying to use mutual TLS (mTLS) for authentication with Microsoft Entra ID (Azure AD). Specifically, you're attempting to use mTLS to authenticate a client application with its certificate when requesting a token from the Entra ID token endpoint.
However, Microsoft Entra (Azure AD) does not natively support RFC 8705 for mutual TLS authentication, where a client is identified solely by a certificate in the TLS handshake. Instead, Entra typically supports OAuth 2.0-based authentication, with client certificates used to obtain tokens. In this process, client authentication is usually done via a client secret or client certificate as part of the client credentials flow.
In the OAuth client credentials flow, Microsoft Entra expects either a client_secret or a client assertion (which is typically signed by a certificate), rather than direct certificate-based authentication like mTLS. This is why you're encountering an error asking for a client_secret or client_assertion parameter.
Instead of trying to use mTLS directly, you can sign a client assertion using the client certificate and send that to Microsoft Entra.
For your reference: How to configure client_secret in app registration