Overview
This article troubleshoots the following error encountered while attempting to test logging in with a new Microsoft Azure AD enterprise connection:
AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented.
Applies To
- Microsoft Azure AD
- Enterprise Connection
- Error AADSTS700025
Cause
This error can occur if the application is registered as a Public client application in Microsoft Azure AD but the token request still passes a client_secret when requesting the access token.
Solution
Resolving this involves updating the application type for the Microsoft Azure AD Enterprise connection to either a Confidential client application or a Web application.
- Refer to Public client and confidential client applications on Microsoft Azure AD to learn more about the difference between these application types.
- To switch the application to a Confidential client application or a Web application:
  - Go to Azure Portal > Azure Active Directory > App Registrations > Your App > Authentication
  - Click on Add a platform, and select Web from the menu that appears.
- If the error persists, modify the provider configuration so that only the state parameter check is performed:
  checks: ["state"]
- Refer to the following resources for further details on PKCE standards:
If these steps do not resolve the issue, contact Microsoft Azure Support for further assistance regarding their specific implementation of OAuth 2.0 and PKCE.