I am currently trying out the Microsoft Entra Device Authorization Grant Flow according to this page: Microsoft identity platform and the OAuth 2.0 device authorization grant flow. I was able to follow the instructions up to polling while the user has not authenticated yet. I was given the correct error (authorization_pending) since the user has not authenticated yet. However, once the user authenticates (via PC or mobile), requesting again returns this error:
**"error": "invalid_client", "error_description": "AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.** Trace ID.....
I was confused since the entire Device Code Flow page does not mention any client secret. I tried to add the client secret to the body as the error says. It does not do anything. I also tried waiting for the interval before polling again. Nothing.
Since the user has successfully authenticated, I was expecting to get a successful authentication response (giving me access_token, refresh_token, etc...).
Did I miss anything?
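The polling step described in the question, as an added example that is not part of the original post: a device-code polling loop that follows RFC 8628's error handling, where only `authorization_pending` and `slow_down` mean "poll again" and any other error, including the `invalid_client` shown above, is terminal. The `send` hook, the placeholder identifiers and the replayed responses are constructed for illustration.

```python
import time

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628, section 3.4

class DeviceFlowError(Exception):
    """Terminal token-endpoint error: polling again cannot succeed."""
    def __init__(self, error, description=""):
        super().__init__(f"{error}: {description}")
        self.error = error

def poll_for_token(send, client_id, device_code, interval=5, expires_in=900,
                   sleep=time.sleep):
    """Poll until tokens arrive or a terminal error is returned.

    `send` is a hypothetical transport hook (an assumption of this example):
    it POSTs the form to the token endpoint and returns the JSON body as a dict.
    """
    form = {"grant_type": DEVICE_GRANT, "client_id": client_id,
            "device_code": device_code}  # RFC 8628 public-client form: no secret
    waited = 0
    while waited < expires_in:
        body = send(form)
        if "access_token" in body:
            return body
        error = body.get("error")
        if error == "slow_down":
            interval += 5  # RFC 8628: back off by 5 seconds on slow_down
        elif error != "authorization_pending":
            # invalid_client, access_denied, expired_token, ...: stop, do not retry
            raise DeviceFlowError(error, body.get("error_description", ""))
        sleep(interval)
        waited += interval
    raise DeviceFlowError("expired_token", "device code lifetime elapsed locally")

def demo():
    """Replay constructed responses shaped like the ones in the question."""
    replies = iter([
        {"error": "authorization_pending"},
        {"error": "slow_down"},
        {"error": "invalid_client", "error_description": "AADSTS7000218: ..."},
    ])
    sleeps = []  # records each wait instead of actually sleeping
    try:
        poll_for_token(lambda form: next(replies), "CLIENT_ID_PLACEHOLDER",
                       "DEVICE_CODE_PLACEHOLDER", sleep=sleeps.append)
    except DeviceFlowError as exc:
        return exc.error, sleeps
    return None, sleeps
```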