Lazy Diary @ Hatena Blog

PowerShell / Java / miscellaneous things about software development, Tips & Gotchas. CC BY-SA 4.0/Apache License 2.0

You cannot identify the platform of an application that is about to authenticate

Background

  • You are trying to write authentication logic for an application that calls the Microsoft Graph API.
  • When you retrieve an authentication token, you have to pass the client secret if the application is registered with the "Web" platform configuration (otherwise you will get the AADSTS7000218 error). On the other hand, you must not pass the client secret if the application is registered with the "Mobile and desktop applications" platform configuration (otherwise you will get the AADSTS700025 error). *1
  • You can get the platform configuration of an application with the Microsoft Graph API. You will see the web property in the result of GET /applications. *2
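As an added example (not code from the original post), this reads a GET /applications response body and derives the client-secret rule described above. It assumes the response was already fetched by a caller that is authenticated; the sample body is constructed, and publicClient and spa are properties of the same Graph application resource that the post does not mention (publicClient is where "Mobile and desktop applications" redirect URIs are stored).

```python
import json

# Constructed sample of a GET /applications response body (placeholder appIds
# and URIs, not real tenant data). Only the properties used below are included.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"appId": "00000000-0000-0000-0000-000000000001",
   "web": {"redirectUris": ["https://app.example/callback"]},
   "spa": {"redirectUris": []}, "publicClient": {"redirectUris": []}},
  {"appId": "00000000-0000-0000-0000-000000000002",
   "web": {"redirectUris": []}, "spa": null,
   "publicClient": {"redirectUris": ["http://localhost"]}},
  {"appId": "00000000-0000-0000-0000-000000000003",
   "web": {"redirectUris": ["https://app.example/callback"]},
   "publicClient": {"redirectUris": ["http://localhost"]}}
]}
""")

PLATFORM_KEYS = ("web", "spa", "publicClient")


def configured_platforms(app):
    """Return the platform sections that carry at least one redirect URI."""
    found = []
    for key in PLATFORM_KEYS:
        section = app.get(key) or {}  # section can be absent or null
        if section.get("redirectUris"):
            found.append(key)
    return found


def secret_hint(app):
    """Map the configured platforms to the rule stated in the post."""
    platforms = configured_platforms(app)
    if platforms == ["web"]:
        return "send client_secret"   # omitting it yields AADSTS7000218
    if platforms == ["publicClient"]:
        return "omit client_secret"   # sending it yields AADSTS700025
    # No platform, spa only, or several platforms: the post's rule does not
    # decide, so report that instead of guessing.
    return "undetermined"


def hints_by_app_id(response):
    """Build {appId: hint} for every application in one response page."""
    return {app["appId"]: secret_hint(app) for app in response.get("value", [])}


if __name__ == "__main__":
    for app_id, hint in hints_by_app_id(SAMPLE_RESPONSE).items():
        print(app_id, hint)
```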

Problem

To call the GET /applications API endpoint, the application must already be authenticated. It must also be granted one of the Application.Read.All, Application.ReadWrite.All, Directory.AccessAsUser.All, or Directory.Read.All permissions.

So you cannot identify the platform of an application that is about to authenticate.