AADSTS7000218 - one of my applications receives the following error when authenticating to Entra ID

James Stall 0 Reputation points
2025-01-31T08:31:31.16+00:00

AADSTS7000218 - one of my applications receives the following error when authenticating to Entra ID


2 answers

  1. CarlZhao-MSFT 45,021 Reputation points
    2025-01-31T09:26:29.1866667+00:00

    Hi @James Stall

    Is your app a confidential client app? If it is a confidential client app, then the 'client_assertion' or 'client_secret' parameter is necessary during authorization.

    On the contrary, if it is a public client app, then the 'client_assertion' or 'client_secret' parameter is not required. However, you need to enable the public client flow for the app.


    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


  2. Sandeep G-MSFT 20,701 Reputation points Microsoft Employee
    2025-02-05T04:06:52.44+00:00

    @James Stall

    Thank you for posting this in Microsoft Q&A.

    As I understand, you are getting the below error message while trying to access the application configured in Entra ID.

    Error: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

    Based off your error code - AADSTS7000218, I found some Stack Overflow threads and internal issues relating to your error message, and this could be due to the wrong App Registration default client type being used.

    Client Credentials flow, Authorization Code flow, and On-Behalf-Of flow are used by confidential clients to request a token. Azure AD will return the above error if the request is missing a client secret or a client assertion.

    In order to resolve this, you'll need to:

    1. Navigate to your Azure AD App Registration
    2. Select Authentication
    3. Change Allow public client flows to "Yes"


    For more information on how public clients and confidential clients work: AADSTS7000218

    • Confidential Client – A client who is capable of storing a secret (used to authenticate to Azure AD). An example of this client is a web application, where its code and secret are stored on the server that’s not exposed to the public. The application’s confidential information can only be accessed by an admin person.
    • Public Client – A client not capable of storing any secret. An example of a public client is a mobile application or a desktop application running at a public kiosk in an insecure and unmanaged environment.

    Reference:

    Let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

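A pre-flight check for the condition both answers describe, written as an added example that is not part of the original thread or any Microsoft code: it inspects a form-encoded token request body and reports when the client credential that AADSTS7000218 complains about is missing, and it masks credential fields so the body can be logged. The function names, the sample bodies and the `allow_public_client` parameter (standing in for the app registration's "Allow public client flows" switch) are assumptions, and the model is simplified to what the answers state.

```python
from urllib.parse import parse_qsl, urlencode

# Grants that always need a client credential (there is no public-client variant).
CONFIDENTIAL_ONLY = {
    "client_credentials": "client credentials",
    "urn:ietf:params:oauth:grant-type:jwt-bearer": "on-behalf-of",
}
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
SENSITIVE = {"client_secret", "client_assertion", "assertion", "code", "refresh_token", "password"}


def check_token_request(body, allow_public_client=False):
    """Return findings for a form-encoded token request body (empty list = OK).
    allow_public_client is an assumed input: how the app is registered."""
    params = dict(parse_qsl(body, keep_blank_values=True))
    grant = params.get("grant_type", "")
    has_secret = bool(params.get("client_secret"))  # "client_secret=" counts as missing
    has_assertion = bool(params.get("client_assertion"))
    findings = []
    if has_assertion and params.get("client_assertion_type") != ASSERTION_TYPE:
        findings.append("client_assertion needs client_assertion_type=" + ASSERTION_TYPE)
    if not (has_secret or has_assertion):
        if grant in CONFIDENTIAL_ONLY:
            findings.append("AADSTS7000218 likely: the %s flow requires "
                            "client_secret or client_assertion" % CONFIDENTIAL_ONLY[grant])
        elif not allow_public_client:
            findings.append("AADSTS7000218 likely: no client credential and "
                            "public client flows are not enabled")
    return findings


def redact(body):
    """Mask credential-bearing fields so the request body can be logged."""
    return urlencode([(k, "REDACTED" if k in SENSITIVE else v)
                      for k, v in parse_qsl(body, keep_blank_values=True)])


# Constructed sample bodies (placeholder client id, no real secrets).
SAMPLES = {
    "web_app_missing_secret": "grant_type=authorization_code&client_id=app-id-placeholder&code=abc",
    "daemon_with_secret": "grant_type=client_credentials&client_id=app-id-placeholder&client_secret=s3cr3t",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, redact(body), check_token_request(body))
```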
