August 4, 2024

Solution for Azure OAuth2 Error: Public clients can’t send a client secret.

Problem:

When trying to do get the initial OAuth2 authorization token from Azure (using Chilkat.OAuth2), I get the following error:

{"error":"invalid_request","error_description":"AADSTS90023:
Public clients can't send a client secret.
Trace ID: ...

Solution:

Chilkat.OAuth2 is for desktop apps and scripts (i.e. not code that runs on a web server), but it still behaves as a “Web App” because Chilkat.OAuth2.StartAuth starts a background thread to act as a temporary web server to receive the single “http://localhost:<portNumber>/” redirect from the local web browser.  Therefore, you still need to create your app in Azure EntraID as “Web” for the Redirect URI as shown here:

admin
0
Tags :

Tags

ActiveX asp async asynchronous C# callbacks Delphi email Encryption error messages events exchange server FTP GMail HTTP IMAP IOS Java Linking MIME oauth2 Office365 pfx PHP pop3 port-forwarding regsvr32 release notes RSA SFTP smartcard SMTP socket SSH SSL TLS tunnel upload vb6 VBScript VC++ x64 xades XML zip