microsoftgraph / msgraph-sample-github-connector-python

This Python application shows how to create a Microsoft Graph connector for GitHub repos and issues.
MIT License
10 stars 12 forks source link

Unable to AuthN - ClientAuthenticationError: Authentication failed: AADSTS7000218 #6

Open Josverl opened 1 month ago

Josverl commented 1 month ago

Following the instructions in the readme throws an error during authentication , just after completing the DC login in the browser :

azure.core.exceptions.ClientAuthenticationError: Authentication failed: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 2808d5b7-77ac-4cc3-8b7f-208e49c71501 Correlation ID: fedc1220-de06-43d3-91bf-5471f3c20592 Timestamp: 2024-10-09 18:03:11Z
Content: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 2808d5b7-77ac-4cc3-8b7f-208e49c71501 Correlation ID: fedc1220-de06-43d3-91bf-5471f3c20592 Timestamp: 2024-10-09 18:03:11Z","error_codes":[7000218],"timestamp":"2024-10-09 18:03:11Z","trace_id":"2808d5b7-77ac-4cc3-8b7f-208e49c71501","correlation_id":"fedc1220-de06-43d3-91bf-5471f3c20592","error_uri":"https://login.microsoftonline.com/error?code=7000218","claims":"{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"7a1f0e50-430e-45f5-94c6-05d62e5dab0c\"]}}}"

Tried:

Details

python main.py Python Graph Connector To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code FKEQKAVLH to authenticate. DeviceCodeCredential.get_token failed: Authentication failed: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 2808d5b7-77ac-4cc3-8b7f-208e49c71501 Correlation ID: fedc1220-de06-43d3-91bf-5471f3c20592 Timestamp: 2024-10-09 18:03:11Z Content: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 2808d5b7-77ac-4cc3-8b7f-208e49c71501 Correlation ID: fedc1220-de06-43d3-91bf-5471f3c20592 Timestamp: 2024-10-09 18:03:11Z","error_codes":[7000218],"timestamp":"2024-10-09 18:03:11Z","trace_id":"2808d5b7-77ac-4cc3-8b7f-208e49c71501","correlation_id":"fedc1220-de06-43d3-91bf-5471f3c20592","error_uri":"https://login.microsoftonline.com/error?code=7000218","claims":"{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"7a1f0e50-430e-45f5-94c6-05d62e5dab0c\"]}}}"} Traceback (most recent call last): File "D:\copilot\msgraph-github-connector-python\main.py", line 58, in asyncio.run(main()) File "C:\Users\josverl\.rye\py\cpython@3.11.9\Lib\asyncio\runners.py", line 190, in run return runner.run(main) ^^^^^^^^^^^^^^^^ File "C:\Users\josverl\.rye\py\cpython@3.11.9\Lib\asyncio\runners.py", line 118, in run return self._loop.run_until_complete(task) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "C:\Users\josverl\.rye\py\cpython@3.11.9\Lib\asyncio\base_events.py", line 654, in run_until_complete return future.result() ^^^^^^^^^^^^^^^ File "D:\copilot\msgraph-github-connector-python\main.py", line 18, in main user = await graph.get_user() ^^^^^^^^^^^^^^^^^^^^^^ File "D:\copilot\msgraph-github-connector-python\graph.py", line 45, in get_user user = await self.user_client.me.get(request_configuration=request_config) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "D:\copilot\msgraph-github-connector-python\.venv\Lib\site-packages\msgraph\generated\users\item\user_item_request_builder.py", line 161, in get return await self.request_adapter.send_async(request_info, User, error_mapping) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "D:\copilot\msgraph-github-connector-python\.venv\Lib\site-packages\kiota_http\httpx_request_adapter.py", line 176, in send_async response = await self.get_http_response_message(request_info, parent_span) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "D:\copilot\msgraph-github-connector-python\.venv\Lib\site-packages\kiota_http\httpx_request_adapter.py", line 522, in get_http_response_message await self._authentication_provider.authenticate_request( File "D:\copilot\msgraph-github-connector-python\.venv\Lib\site-packages\kiota_abstractions\authentication\base_bearer_token_authentication_provider.py", line 50, in authenticate_request token = await self.access_token_provider.get_authorization_token( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "D:\copilot\msgraph-github-connector-python\.venv\Lib\site-packages\kiota_authentication_azure\azure_identity_access_token_provider.py", line 110, in get_authorization_token File "D:\copilot\msgraph-github-connector-python\.venv\Lib\site-packages\kiota_authentication_azure\azure_identity_access_token_provider.py", line 110, in get_authorization_token File "D:\copilot\msgraph-github-connector-python\.venv\Lib\site-packages\kiota_authentication_azure\azure_identity_access_token_provider.py", line 110, in get_authorization_token File "D:\copilot\msgraph-github-connector-python\.venv\Lib\site-packages\kiota_authentication_azure\azure_identity_access_token_provider.py", line 110, in get_authorization_token result = self._credentials.get_token( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "D:\copilot\msgraph-github-connector-python\.venv\Lib\site-packages\azure\identity\_internal\interactive.py", line 149, in get_token token_info = self._get_token_base(*scopes, options=options, base_method_name="get_token", **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "D:\copilot\msgraph-github-connector-python\.venv\Lib\site-packages\azure\identity\_internal\interactive.py", line 223, in _get_token_base raise ClientAuthenticationError(message=message, response=response) azure.core.exceptions.ClientAuthenticationError: Authentication failed: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 2808d5b7-77ac-4cc3-8b7f-208e49c71501 Correlation ID: fedc1220-de06-43d3-91bf-5471f3c20592 Timestamp: 2024-10-09 18:03:11Z Content: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 2808d5b7-77ac-4cc3-8b7f-208e49c71501 Correlation ID: fedc1220-de06-43d3-91bf-5471f3c20592 Timestamp: 2024-10-09 18:03:11Z","error_codes":[7000218],"timestamp":"2024-10-09 18:03:11Z","trace_id":"2808d5b7-77ac-4cc3-8b7f-208e49c71501","correlation_id":"fedc1220-de06-43d3-91bf-5471f3c20592","error_uri":"https://login.microsoftonline.com/error?code=7000218","claims":"{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"7a1f0e50-430e-45f5-94c6-05d62e5dab0c\"]}}}"}

jasonjoh commented 1 month ago

@Josverl I took a look at the code and this is using the device code grant flow. It looks like the app registration instructions are missing a step.

  1. Select Authentication under Manage. Locate the Advanced settings section and change the Allow public client flows toggle to Yes, then choose Save.
Josverl commented 1 month ago

Hello Jason, Thanks for the quick response. That indeed resolves the Auth problem with the Device Code Flow. That now allows me to add 30 items, put that is a separate paging limitation that I can work around.

will you update the docs or should I send a PR?

jasonjoh commented 1 month ago

I'll defer to @aycabas ;)