Azure/azure-sdk-for-python

Client Secret option for UsernamePasswordCredential

cjusko opened this issue · 3 comments

  • azure.identity
  • 1.16.0
  • Ubuntu
  • Python v3.11.6

Describe the bug
I'm trying to authenticate via the UsernamePasswordCredential class, in order to then use it to access the msgraph-sdk-python. However, when trying to get the token, I receive the following error:

{"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 2113cd76-ec33-42eb-92f4-cb24256b4200 Correlation ID: 5ab9546b-4eb7-45bf-a245-4c3460cbfc8e Timestamp: 2024-04-26 18:48:34Z","error_codes":[7000218],"timestamp":"2024-04-26 18:48:34Z","trace_id":"2113cd76-ec33-42eb-92f4-cb24256b4200","correlation_id":"5ab9546b-4eb7-45bf-a245-4c3460cbfc8e","error_uri":"https://login.microsoftonline.us/error?code=7000218"}

Here's my code:

from azure.identity import UsernamePasswordCredential

# auth = dict of creds

up_cred = UsernamePasswordCredential(
    client_id=auth['clientId'],
    username=auth['username'],
    password=auth['password'],
    authority=auth['authority'],
    tenant_id=auth['tenant']
)

scopes = ['https://graph.microsoft.us/.default']
print(up_cred._request_token(scopes=scopes))

To Reproduce
Steps to reproduce the behavior:

  1. Try to create a UsernamePasswordCredential on a private application that requires a Client Secret

Expected behavior
There would ideally be an option to provide the client secret. If there is already, then how am I able to do that?

Screenshots
N/A

Additional context
Thank you in advance! Much appreciated.

Tried using ClientSecretCredential instead, but the claims response is always empty, resulting in an error. I assume that's because a login is required to authenticate properly, perhaps an incorrect assumption (see msgraph-sdk-python #672 issue).

Thank you for your feedback. Tagging and routing to the team member best able to assist.

Thanks for reaching out.

The error is from the msal library.

Please open the issue in the https://github.com/AzureAD/microsoft-authentication-library-for-python repo.

You can add the client_credential when you create the instance:

up_cred = UsernamePasswordCredential(
    client_id=auth['clientId'],
    username=auth['username'],
    password=auth['password'],
    authority=auth['authority'],
    tenant_id=auth['tenant'],
    client_credential="<client-secret>",  # placeholder: the application's client secret
)
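The AADSTS7000218 error in this thread means the password-grant token request reached the authority without an application credential in its body. The block below is an added example, not code from the issue, azure-identity or msal: it builds the form fields with and without `client_secret`, redacts them for logging, and recognises the error. The function names and sample values are assumptions, and the error body is a trimmed copy of the one quoted above.

```python
import json
import re

# Constructed sample: trimmed copy of the error body quoted in the issue.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_client",
    "error_description": "AADSTS7000218: The request body must contain the "
                         "following parameter: 'client_assertion' or 'client_secret'.",
    "error_codes": [7000218],
})

APP_CREDENTIALS = {"client_secret", "client_assertion"}
SENSITIVE = APP_CREDENTIALS | {"password"}


def build_ropc_form(client_id, username, password, scopes, client_secret=None):
    """Form fields of an OAuth 2.0 password-grant token request."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "username": username,
        "password": password,
        "scope": " ".join(scopes),
    }
    if client_secret is not None:
        # Confidential client: the application authenticates as well as the user.
        form["client_secret"] = client_secret
    return form


def redacted(form):
    """Copy of the form that is safe to write to logs."""
    return {k: "***" if k in SENSITIVE else v for k, v in form.items()}


def missing_client_auth(error_body, form):
    """True if the response is AADSTS7000218 and the request had no app credential."""
    err = json.loads(error_body)
    codes = set(err.get("error_codes", []))
    match = re.match(r"AADSTS(\d+):", err.get("error_description", ""))
    if match:
        codes.add(int(match.group(1)))
    sent_app_credential = bool(form.keys() & APP_CREDENTIALS)
    return (err.get("error") == "invalid_client"
            and 7000218 in codes and not sent_app_credential)
```
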