support/entra/entra-id/app-integration/confidential-client-application-authentication-error-aadsts7000218.md
4 additions & 6 deletions
@@ -57,9 +57,7 @@ In the Microsoft Entra App Registration model, a registered application can be b
57
57
58
58
## How Microsoft Entra ID determines the client type
59
59
60
-
To determines the client type, use one of the following methods:
61
-
62
-
- Use the type of the redirect URI (reply URL):
60
+
- Method 1: Use the type of the redirect URI (reply URL):
63
61
64
62
Microsoft Entra ID checks the redirect URI (reply URL) provided in the request and cross-checks it with the redirect URI registered in the App Registrations.
65
63
- A **Web** type redirect URI classifies the application as a confidential client.
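Review bot: Deleting the lead-in sentence at old line 60 leaves the "How Microsoft Entra ID determines the client type" heading followed directly by "- Method 1:", so nothing tells the reader that the bullets are alternative methods or how many there are. The old sentence had a grammar error ("To determines") and the wrong subject, but it is better fixed than dropped, for example "Microsoft Entra ID determines the client type by using one of the following methods:". The bullet text "Use the type of the redirect URI (reply URL)" also still reads as an instruction to the reader, while the context line under it says it is Microsoft Entra ID that performs the check; a noun phrase such as "Method 1: The type of the redirect URI (reply URL)" would match that.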
@@ -69,11 +67,11 @@ To determines the client type, use one of the following methods:
69
67
70
68
:::image type="content" source="media/confidential-client-application-authentication-error-aadsts7000218/public-client-type.png" alt-text="Screenshot that shows a public type redirect URI" lightbox="media/confidential-client-application-authentication-error-aadsts7000218/public-client-type.png":::
71
69
72
-
- Use the default client type (when no reply URL is provided):
70
+
-Method 2: Use the **Enable the following mobile and desktop flows** option (when no reply URL is provided):
73
71
74
-
In some OAuth 2.0 flows, such as the [OAuth 2 Resource Owner Password Credentials (ROPC)](/azure/active-directory/develop/v2-oauth-ropc) grant flow, [OAuth 2 device authorization grant flow](/entra/identity-platform/v2-oauth2-device-code) and Integrated Windows Authentication, there is no reply URL provided in the token request. In these cases, Microsoft Entra ID uses the app registration's default client type to determine whether the client is confidential or public.
72
+
In some OAuth 2.0 flows, such as the [OAuth 2 Resource Owner Password Credentials (ROPC)](/azure/active-directory/develop/v2-oauth-ropc) grant flow, [OAuth 2 device authorization grant flow](/entra/identity-platform/v2-oauth2-device-code) and Integrated Windows Authentication, there is no reply URL provided in the token request. In these cases, Microsoft Entra ID uses the app registration's **Enable the following mobile and desktop flows** to determine whether the client is confidential or public.
75
73
76
-
- If **Default client type** is set to **Yes**, the client is public.
74
+
- If **Enable the following mobile and desktop flows** is set to **Yes**, the client is public.
77
75
- If it's set to **No**, the client is confidential.
78
76
79
77
### How to identify the grant type and redirect URI used by an application
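Review bot: The added line "-Method 2: Use the **Enable the following mobile and desktop flows** option" at new line 70 has no space after the hyphen, so Markdown will not render it as a list item and it will not line up with "- Method 1:" from the first hunk; it should start with "- Method 2:". In the added paragraph at new line 72, "uses the app registration's **Enable the following mobile and desktop flows** to determine" is missing its noun after the option name; add "option" or "setting" so it matches the wording used in the Method 2 bullet. Because setting this option to **Yes** makes the client public for flows that send no reply URL, it is worth stating the value explicitly in both bullets ("If it's set to **No**" relies on the reader carrying the option name over from the previous line).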