Problem statement
We are attempting to test login with a new Azure AD enterprise connection and we are seeing the following error message in our tenant logs:
{
  ...
  "error": {
    "message": "failed to obtain access token",
    "oauthError": "invalid_request",
    "type": "request-error",
    "payload": "{\"error\":\"invalid_client\",\"error_description\":\"AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented. ..."
  }
  ...
}
Cause
This error is returned by Azure AD and is most likely occurring because the application is registered as a 'Public client application'. An Azure AD Enterprise connection authenticates with a client secret, so the application must be a Confidential client application (Web application) instead.
This is a link to the docs on the Microsoft side that cover the difference between these:
Solution
To switch your application to Confidential, open your Azure AD application registration and change its platform configuration to Web:
Go to Azure Portal > Azure Active Directory > App Registrations > Your App > Authentication
Then click on Add a platform, and select Web from the menu that appears.
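As an added example that is not part of this article, the following Python helper pulls the AADSTS code out of a tenant log entry like the one above (note that the payload is a JSON string nested inside the JSON entry) and maps it to the remediation described in the Solution; the sample log entry is constructed for the example.

```python
import json
import re

# Constructed sample tenant log entry modelled on the error shown above
# (not a real export). Note the payload is a JSON string nested inside JSON.
SAMPLE_LOG_ENTRY = json.dumps({
    "error": {
        "message": "failed to obtain access token",
        "oauthError": "invalid_request",
        "type": "request-error",
        "payload": json.dumps({
            "error": "invalid_client",
            "error_description": "AADSTS700025: Client is public so neither "
                                 "'client_assertion' nor 'client_secret' should be presented.",
        }),
    },
})

# AADSTS codes this page discusses, mapped to the fix an admin should apply.
KNOWN_AADSTS = {
    "AADSTS700025": "App registration is a public client; add the Web platform "
                    "so it becomes a confidential client and accepts client_secret.",
}
AADSTS_RE = re.compile(r"\b(AADSTS\d+)\b")


def parse_azure_error(log_entry: str) -> dict:
    """Extract the Azure AD error from one tenant log entry.

    Returns {} if the entry carries no AADSTS code; otherwise the code,
    the OAuth error, the Azure error name and a remediation hint."""
    entry = json.loads(log_entry)
    error = entry.get("error") or {}
    payload_raw = error.get("payload", "")
    try:
        payload = json.loads(payload_raw)        # unwrap the nested JSON string
    except json.JSONDecodeError:
        payload = {"error_description": payload_raw}  # truncated or non-JSON payload
    description = payload.get("error_description", "") if isinstance(payload, dict) else ""
    match = AADSTS_RE.search(description)
    if not match:
        return {}
    code = match.group(1)
    return {
        "aadsts": code,
        "oauth_error": error.get("oauthError"),
        "azure_error": payload.get("error"),
        "hint": KNOWN_AADSTS.get(code, "Unrecognised AADSTS code; check Microsoft docs."),
    }
```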