Client secret in Authentication Profile when using OAuth 2.0 should be optional
Hi,
Greetings. We have a requirement to secure a REST API using a token generated by Azure AD. Pega is registered as a native app in Azure AD and the grant type is password. We were provided with the client id, username, password, resource, scope and client secret, but if I send client_secret as one of the parameters, I get the error below:
{
"error": "interaction_required",
"error_description": "AADSTS50158: External security challenge not satisfied. User will be redirected to another page or authentication provider to satisfy additional authentication challenges.\r\nTrace ID: 31a8d86b-8d15-4a60-ad5a-aca50e0b0300\r\nCorrelation ID: f3f2e54b-ddec-43f4-92d8-4c0fc3c41b4e\r\nTimestamp: 2020-06-05 20:43:40Z",
"error_codes": [
50158
],
From Pega, client_secret is not optional, but from Postman, if I ignore the client_secret but pass in the remaining keys, I get a proper access_token and refresh_token back.
Can anyone tell me if there is a way to make client_secret optional from Pega?
Regards,
Bharat
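
Added example, not part of the original post and not Pega or Microsoft code: it builds the password-grant form body with `client_secret` sent only when one is supplied (the difference between the two requests described above) and extracts the loggable fields from an error body shaped like the one quoted. The function names are hypothetical, and the sample IDs and timestamp are constructed placeholders.

```python
import json
import re
from urllib.parse import urlencode

def build_password_grant_body(client_id, username, password,
                              resource=None, scope=None, client_secret=None):
    """Form body for an OAuth 2.0 password-grant token request.

    client_secret is omitted entirely when not supplied, so a client
    registered without a secret sends client_id only.
    """
    fields = {"grant_type": "password", "client_id": client_id,
              "username": username, "password": password}
    optional = {"resource": resource, "scope": scope,
                "client_secret": client_secret}
    # Skip None and "" so no empty "client_secret=" pair is ever sent.
    fields.update({k: v for k, v in optional.items() if v})
    return urlencode(fields)

AADSTS_RE = re.compile(r"AADSTS(\d+):\s*([^\r\n]*)")
DETAIL_RE = re.compile(r"^(Trace ID|Correlation ID|Timestamp):\s*(.+?)\s*$", re.M)

def summarize_token_error(raw_json):
    """Extract the fields worth logging from a token-endpoint error body."""
    doc = json.loads(raw_json)
    desc = doc.get("error_description", "")
    code = AADSTS_RE.search(desc)
    details = dict(DETAIL_RE.findall(desc))
    return {
        "error": doc.get("error"),
        "aadsts_code": int(code.group(1)) if code else None,
        "message": code.group(2).strip() if code else desc,
        "trace_id": details.get("Trace ID"),
        "correlation_id": details.get("Correlation ID"),
        "timestamp": details.get("Timestamp"),
    }

# Constructed sample in the shape of the error quoted in the post
# (IDs and timestamp are placeholders, not real values).
SAMPLE_ERROR = json.dumps({
    "error": "interaction_required",
    "error_description": "AADSTS50158: External security challenge not satisfied."
                         "\r\nTrace ID: 00000000-0000-0000-0000-000000000001"
                         "\r\nCorrelation ID: 00000000-0000-0000-0000-000000000002"
                         "\r\nTimestamp: 2020-01-01 00:00:00Z",
    "error_codes": [50158],
})

if __name__ == "__main__":
    print(build_password_grant_body("app-id", "user@example.com", "pw", resource="res"))
    print(summarize_token_error(SAMPLE_ERROR))
```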