Background
- You are trying to write authentication logic for an application that calls the Microsoft Graph API.
- When you retrieve an authentication token, you have to pass the client secret if the application is registered with the "Web" platform configuration (otherwise you will get an AADSTS7000218 error). On the other hand, you must not pass the client secret if the application is registered with the "Mobile and desktop application" platform configuration (otherwise you will get an AADSTS700025 error). *1
- You can get the platform configuration of an application with the Microsoft Graph API. You will see a web property in the result of GET /applications. *2
Problem
To call the GET /applications API endpoint, you have to authenticate the application. You also have to grant it one of the Application.Read.All, Application.ReadWrite.All, Directory.AccessAsUser.All, or Directory.Read.All permissions.
So you cannot identify the platforms of an application that is about to authenticate.
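Since the platform cannot be looked up before authenticating, one option is to react to the two error codes from the Background section. The following is an added example, not code from the original page: next_attempt and extract_codes are hypothetical helper names, the sample responses are constructed, and it assumes the token endpoint's JSON error body carries error_codes and error_description fields.

```python
import json
import re

SECRET_REQUIRED = 7000218  # "Web" platform: the request lacked a client secret
SECRET_FORBIDDEN = 700025  # "Mobile and desktop" platform: a secret was sent

_AADSTS = re.compile(r"AADSTS(\d+)")


def extract_codes(body):
    """Collect AADSTS codes from a token endpoint error body (a dict)."""
    codes = {int(c) for c in body.get("error_codes") or []}
    # The code is also embedded in the description text; use it as a fallback.
    codes.update(int(c) for c in _AADSTS.findall(body.get("error_description") or ""))
    return codes


def next_attempt(sent_secret, raw_body):
    """Return 'retry_with_secret', 'retry_without_secret' or 'give_up'."""
    try:
        body = json.loads(raw_body)
    except ValueError:
        return "give_up"
    if not isinstance(body, dict):
        return "give_up"
    codes = extract_codes(body)
    # Only flip the choice when the error contradicts what was actually sent,
    # so an unexpected response can never cause a retry loop.
    if SECRET_REQUIRED in codes and not sent_secret:
        return "retry_with_secret"
    if SECRET_FORBIDDEN in codes and sent_secret:
        return "retry_without_secret"
    return "give_up"


# Constructed sample responses (message text shortened, not captured output).
MISSING_SECRET = json.dumps({"error": "invalid_client", "error_codes": [7000218],
                             "error_description": "AADSTS7000218: (constructed)"})
UNEXPECTED_SECRET = json.dumps({"error": "invalid_client",
                                "error_description": "AADSTS700025: (constructed)"})

if __name__ == "__main__":
    print(next_attempt(False, MISSING_SECRET))
    print(next_attempt(True, UNEXPECTED_SECRET))
```

Starting without the secret and adding it only on AADSTS7000218 means the secret is sent only when the endpoint reports that it is required.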