microsoft-identity-web: Redeem authCode failing with error in v2.5.0

Microsoft.Identity.Web Library

Microsoft.Identity.Web

Microsoft.Identity.Web version

2.5.0

Web app

Sign-in users, when the appsetting.json contain "ResponseType": "code",

Description

After upgrading to 2.5.0 signIn is not working anymore. It’s failing with

OpenIdConnectProtocolException: Message contains error: ‘invalid_client’, error_description: ‘AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’. Trace ID: f230550d-2015-4e89-a234-a98a4b718000 Correlation ID: 33e33f36-5a76-4b3d-b8f7-5c56e1724fe7 Timestamp: 2023-03-01 09:56:57Z’, error_uri: ‘https://login.microsoftonline.com/error?code=7000218’.

although ClientSecret is set in options.

Reproduction steps

just migrate to 2.5.0 and application which overrides the "ResponseType": "code"

Error message

OpenIdConnectProtocolException: Message contains error: ‘invalid_client’, error_description: ‘AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’. Trace ID: f230550d-2015-4e89-a234-a98a4b718000 Correlation ID: 33e33f36-5a76-4b3d-b8f7-5c56e1724fe7 Timestamp: 2023-03-01 09:56:57Z’, error_uri: ‘https://login.microsoftonline.com/error?code=7000218’.

Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()

Id Web logs

No response

Relevant code snippets

none

Regression

1.26.0

Expected behavior

Client_assertion/secret parameter is send with redeemCode request.