This article troubleshoots the following error encountered while attempting to test logging in with a new Microsoft Azure AD enterprise connection:

AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented.

• Microsoft Azure AD
• Enterprise Connection
• Error AADSTS700025

This error can occur if the application is configured as a Public client application in Microsoft Azure AD and is passing the client_secret to generate the access token.

Resolving this involves updating the application type for the Microsoft Azure AD Enterprise connection to either a Confidential client application or a Web application.

• Refer to Public client and confidential client applications on Microsoft Azure AD to learn more about the difference between these application types.  
  • To switch the application to Confidential client application or a Web application:
    • Go to Azure Portal > Azure Active Directory > App Registrations > Your App > Authentication
    • Click on Add a platform, and select Web from the menu that appears. 
• If the error persists, modify the provider configuration to pass only the state parameter check: checks: ["state"]
• Refer to the following resources for further details on PKCE standards:
  • OAuth 2.0 Proof Key for Code Exchange (PKCE)
  • RFC 7636: Proof Key for Code Exchange by OAuth Public Clients

If these steps do not resolve the issue, contact Microsoft Azure Support for further assistance regarding their specific implementation of OAuth 2.0 and PKCE.