 

ex = {"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'

This is how I have written the code, and I am trying to get the output.

The request body must contain the following parameter: client_secret or client_assertion

 static async Task<AuthenticationResult> getAccessToken()
 {
     string hardcodedUsername = "";
     string hardcodedPassword = "";
     string tenantName = "projectwidgets.com";
     string authString = "https://login.microsoftonline.com/" + tenantName;
     AuthenticationContext authenticationContext = new AuthenticationContext(authString, false);
     //Config for OAuth client credentials
     string clientId = "as";
     string key = "kk";
     string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenantName);
     var authContext = new AuthenticationContext(authority);
     AuthenticationResult result = null;
     try
     {
         result = await authContext.AcquireTokenAsync("https://pwsnapitazure.azurewebsites.net", clientId, new UserPasswordCredential(hardcodedUsername, hardcodedPassword));
     }
     catch (Exception ex)
     {
          Console.WriteLine(ex.StackTrace);
          System.Diagnostics.Debug.WriteLine(ex.Message);
     }                        
     return result;
 }
ravi rathod asked Aug 10 '17 09:08


2 Answers

As the Azure App Registration UI has changed from legacy authentication, you will need to enable an additional setting called "treat application as a public client". Under Default Client Type, set this setting to Yes:

screenshot of AAD App Registration showing "Treat application as a public client" set to "yes" under the 'Default client type' subsection of the 'Advanced Settings' section

You can also control this in the Manifest by setting:

"allowPublicClient": true
Jayendran answered Nov 18 '22 11:11


According to your code, it seems you are using a web app/API that uses a username and password to authenticate.

We can only use the resource owner flow from a native client. A confidential client, such as a web site, cannot use direct user credentials.

You would need to invoke it as a public client (native client app), not as a confidential client (web app/API). Please refer to this document for more about how to use ADAL .NET to authenticate users via username/password, especially the Constraints & Limitations section.

In a daemon or server application, you may consider using the client credential flow, but with this flow the application presents its client credentials to the OAuth2 token issuing endpoint, and in return gets an access token that represents the application itself without any user information. Please click here for more details about the client credential flow, and here are code samples.

Nan Yu answered Nov 18 '22 12:11
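
The two ADAL .NET calls that the answers above distinguish, side by side, as an added example that is not part of the question or either answer. The class and method names, the `<tenant>` and `<api-app-id-uri>` placeholders, and the `DEMO_*` environment variable names are assumptions for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL .NET v3 (desktop .NET)
static class TokenFlows
{
    // Placeholders (assumptions): substitute your own tenant and API resource URI.
    const string Authority = "https://login.microsoftonline.com/<tenant>";
    const string Resource = "https://<api-app-id-uri>";

    // Public (native) client: resource owner flow, no client secret is sent.
    // Azure AD rejects this with AADSTS70002 unless the registration is a
    // public client ("allowPublicClient": true in the manifest).
    static Task<AuthenticationResult> AcquireForUserAsync(string nativeClientId)
    {
        var context = new AuthenticationContext(Authority);
        var user = new UserPasswordCredential(Env("DEMO_USERNAME"), Env("DEMO_PASSWORD"));
        return context.AcquireTokenAsync(Resource, nativeClientId, user);
    }

    // Confidential client (daemon/server): client credential flow. The token
    // represents the application itself and carries no user information.
    static Task<AuthenticationResult> AcquireForAppAsync(string webClientId)
    {
        var context = new AuthenticationContext(Authority);
        var app = new ClientCredential(webClientId, Env("DEMO_CLIENT_SECRET"));
        return context.AcquireTokenAsync(Resource, app);
    }

    // Read secrets from the environment instead of hard-coding them in source.
    static string Env(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException("Missing environment variable " + name);

    static async Task Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: user|app <client-id>"); return; }
        try
        {
            var result = args[0] == "user"
                ? await AcquireForUserAsync(args[1])
                : await AcquireForAppAsync(args[1]);
            Console.WriteLine("Token acquired, expires " + result.ExpiresOn);
        }
        catch (AdalServiceException ex)
        {
            Console.Error.WriteLine(ex.ErrorCode + ": " + ex.Message);
        }
    }
}
```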