This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 35%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETI%3C/text%3E%3C/svg%3E)
I am trying to get access token via OAuth 2.0 device authorization grant flow https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code#authenticating-the-user and i am getting this error:
{
"error": "invalid_client",
"error_description": "AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.\r\nTrace ID: 3706b400-f39e-465a-8585-e9c2fe34ba00\r\nCorrelation ID: 619aa720-c135-48b8-af2b-3115920197b0\r\nTimestamp: 2021-06-22 12:07:04Z",
"error_codes": [
7000218
],
"timestamp": "",
"trace_id": ",
"correlation_id": "",
"error_uri": "https://login.microsoftonline.com/error?code=7000218"
}
I successfully got the device code and signed user consent using:
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/devicecode
Content-Type: application/x-www-form-urlencoded
client_id= my application id
scope=user.read%20openid%20profile
And using device_code to request for accees token but running into the above mentioned error
The request I am is as follows:
Why i am getting this error, as this API does not support client_secret as a parameter. Also i don't even have client_secret (that is why i am using this authorization flow) which i can put there.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 27%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDO%3C/text%3E%3C/svg%3E)
You must be using a public client without allowing public flows on your app. Try going to the AAD app and flip Allow public client flows to Yes. See screenshot below.
@TechnoGenics Integrations
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
Thank you for your time and patience throughout this issue.
Actually i am using an enterprise application added from Azure Marketplace which does not have this 'Allow Application Client flows' option. Only registered or self deployed azure app have this option. Is there any other solution ?