Cryptic exceptions when attempting IWA / UP / Device Flow with an app that isn't registered as a public client #1249

bgavrilMS · 2019-07-03T11:25:01Z

Which Version of MSAL are you using ?
Note that to get help, you need to run the latest version. Preview version are also ok.
For ADAL, please log issues to https://github.com/AzureAD/azure-activedirectory-library-for-dotnet
MSAL 4.1

What authentication flow has the issue?

Desktop / Mobile
- Interactive
- Integrated Windows Auth
- Username Password
- Device code flow (browserless)

Repro
In the portal, users have the option of configuring the "default client type"

Note: This is quite confusing as I can configure redirect URIs for the public client but still have this checkbox set to "NO".

If I attempt IWA or Device Code Flow, the exception that we get back is:

MsalServiceException: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

For U/P, the exception is:

.MsalClientException: Federated service at https://msft.sts.microsoft.com/adfs/services/trust/2005/usernamemixed returned error: ID3242: The security token could not be authenticated or authorized.

Proposed solution
Re-Throw meaningful exceptions.

bgavrilMS · 2019-07-03T11:26:16Z

jmprieur added the Supportability label Jul 3, 2019

jmprieur added this to the 4.2 milestone Jul 3, 2019

jennyf19 mentioned this issue Jul 13, 2019

fix error message for invalid_client #1269

Merged

jennyf19 self-assigned this Jul 13, 2019

jennyf19 added the In Progress label Jul 13, 2019

bgavrilMS added Fixed and removed In Progress labels Jul 16, 2019

MarkZuber closed this as completed Jul 23, 2019

Provide feedback