[Azure AD Mobile Plugin] "Unable to login" Azure AD Plugin

Forge Component
(7)
Published on 16 Jan by Pedro Costa
7 votes
Published on 16 Jan by Pedro Costa

Hi Team,

I have integrated "Azure AD Mobile Plugin". When I do login. I'm getting "Unable to login" error message.

Below is server log in Outsystems:

Cannot assign a JavaScript object with value Error:  ErrorCode:invalid_client ErrorDescription:AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: e979554e-b61a-4cc8-bab1-..............
Correlation ID: 219473eb-34a1-4de4-978e............
Timestamp: 2019-09-24 06:31:29Z to an output parameter of type Text Check the JavaScript node 'Authenticate' of the action 'ADALLogin'. 

Can someone help. I checked all-over the forums. No solution. 

Hi Kalyan,

Where exactly is this error occurring?

Is it after Authenticate JS or after ValidateToken ?

Pedro Costa wrote:

Hi Kalyan,

Where exactly is this error occurring?

Is it after Authenticate JS or after ValidateToken ?

After Authentication, I'm getting below error message "Unable to login" from ADAL plugin.

I checked Outsystems logs. Below is log:

Cannot assign a JavaScript object with value Error:  ErrorCode:invalid_client ErrorDescription:AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: e979554e-b61a-4cc8-bab1-..............
Correlation ID: 219473eb-34a1-4de4-978e............
Timestamp: 2019-09-24 06:31:29Z to an output parameter of type Text Check the JavaScript node 'Authenticate' of the action 'ADALLogin'. 


What kind of application have you registered in azure? Web or Native? Web application needs the client secret parameter, but in our case it needs to be native (how to)


I did a little research and found these solution. Can you review the settings made in azure?

https://github.com/Azure-Samples/active-directory-dotnetcore-devicecodeflow-v2/issues/9#issuecomment-480306483

https://github.com/Azure-Samples/active-directory-dotnetcore-devicecodeflow-v2#register-the-client-app-active-directory-dotnet-deviceprofile

https://community.powerbi.com/t5/Developer/The-request-body-must-contain-the-following-parameter-client/m-p/259820#M8014

Pedro Costa wrote:

What kind of application have you registered in azure? Web or Native? Web application needs the client secret parameter, but in our case it needs to be native (how to)


I did a little research and found these solution. Can you review the settings made in azure?

https://github.com/Azure-Samples/active-directory-dotnetcore-devicecodeflow-v2/issues/9#issuecomment-480306483

https://github.com/Azure-Samples/active-directory-dotnetcore-devicecodeflow-v2#register-the-client-app-active-directory-dotnet-deviceprofile

https://community.powerbi.com/t5/Developer/The-request-body-must-contain-the-following-parameter-client/m-p/259820#M8014

Thanks. 

Will cross check Azure AD settings.


kalyan wrote:

Pedro Costa wrote:

What kind of application have you registered in azure? Web or Native? Web application needs the client secret parameter, but in our case it needs to be native (how to)


I did a little research and found these solution. Can you review the settings made in azure?

https://github.com/Azure-Samples/active-directory-dotnetcore-devicecodeflow-v2/issues/9#issuecomment-480306483

https://github.com/Azure-Samples/active-directory-dotnetcore-devicecodeflow-v2#register-the-client-app-active-directory-dotnet-deviceprofile

https://community.powerbi.com/t5/Developer/The-request-body-must-contain-the-following-parameter-client/m-p/259820#M8014

Thanks. 

Will cross check Azure AD settings.


1. Our app registration does not discriminate between Native app/web app. App is registered as in below link:

 https://docs.microsoft.com/en-us/azure/active-directory/develop/app-registrations-training-guide


Microsoft developer shared Auth Endpoint, Token Endpoint and App ID.

Is there another way, to implement Azure AD login with above details?





In the application registration in Azure Portal does not appear the option to choose between Web or Native?



Solution

Pedro Costa wrote:

In the application registration in Azure Portal does not appear the option to choose between Web or Native?



Yes, created a new app and made the changes. I was able to login successfully and get user-information.

But, "success : false" from plugin. 

Please check screenshot.  


Solution

Can you show me the permissions of your azure application ?


Pedro Costa wrote:

Can you show me the permissions of your azure application ?


Please check screenshot. 


I think missing adding permissions Directory.AcessAsUser.All for Azure Active Directory and Microsoft Graph



Pedro Costa wrote:

I think missing adding permissions Directory.AcessAsUser.All for Azure Active Directory and Microsoft Graph



I figured the issue. Thank you.

I need to add "Client_IdentityProvider" on  eSpace > site provider 

https://www.outsystems.com/forums/discussion/51675/error-on-validating-token/#Post192253