1 Vote
MrRogers-5131 asked MrRogers-5131 commented

AADSTS9002326: How to use Single-page App redirect urls

I followed the quickstart guide: Quickstart: Sign in to users and get an access token in a JavaScript SPA using the auth code flow with PKCE. Everything works great until I add a localhost web redirect URI like http://localhost:3030. As soon as I do that, I get the error AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’. So, I figure that I then need to enable public client flows, so I turn that on. The next error I get is AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type.

I haven't changed my SPA redirect URI and suddenly it won't work when I add the localhost web URI. Why? It seems that other web redirect URIs work fine.


azure-ad-msal

0 Votes
DinosKon-1895 answered SaurabhSharma-msft edited

Make sure you do not have multiple platforms configured in Azure (e.g. both SPA & Web App).


That seems strange to me that an Application ID can only have SPA or Web App. Shouldn't I be able to share an app ID across Mobile, SPA, and Web App?

0 Votes 0 ·
0 Votes
MikeKaply-4338 answered MrRogers-5131 commented

What API are you using to get the token? If you're using fetch, it adds an Origin: "null" and that seems to cause a problem with the Microsoft endpoint (even though it's correct per the spec).

I found that using XHR and making sure there was no Origin at all fixed this.

I believe this is a Microsoft bug, but I'm not sure how to report it.


I'm using the MSAL JS library. I cloned the project ms-identity-javascriipit-vs-master.


0 Votes 0 ·

Have you managed to solve the problem?

0 Votes 0 ·

Unfortunately, no.

0 Votes 0 ·
1 Vote
John-3642 answered

In case someone else encounters this error, check that the URI type in the Manifest file is Spa and NOT Web. Even if you have set the platform in Authentication to Single-page applications, the URI type might still be set to Web, which will cause this error.

Check Manifest file!

Good luck.
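
The manifest check described in this answer can be scripted. The following is an added example, not part of the original answer or of any Microsoft tooling; it assumes the manifest lists redirect URIs under `replyUrlsWithType` (entries with `url` and `type`) or under `spa`/`web`/`publicClient` `redirectUris`, and the function names and the sample manifest are constructed for illustration.

```javascript
// Added example: find redirect URIs the SPA uses that the app registration
// manifest does not list with type "Spa".
// Assumption: redirect URIs appear as replyUrlsWithType [{url, type}] and/or
// as spa / web / publicClient .redirectUris arrays.

function collectRedirectUris(manifest) {
  const entries = [];
  for (const r of manifest.replyUrlsWithType || []) {
    entries.push({ url: r.url, type: String(r.type).toLowerCase() });
  }
  const sections = { spa: "spa", web: "web", publicClient: "installedclient" };
  for (const [key, type] of Object.entries(sections)) {
    for (const url of (manifest[key] && manifest[key].redirectUris) || []) {
      entries.push({ url, type });
    }
  }
  return entries;
}

// spaRedirectUris: the redirectUri values the browser app actually sends.
// Comparison is an exact string match; a trailing slash or a different
// letter case counts as a different URI here.
function auditSpaRedirects(manifest, spaRedirectUris) {
  const entries = collectRedirectUris(manifest);
  const findings = [];
  for (const wanted of spaRedirectUris) {
    const types = entries.filter((e) => e.url === wanted).map((e) => e.type);
    if (types.length === 0) {
      findings.push({ url: wanted, issue: "not-registered", types });
    } else if (!types.includes("spa")) {
      // Registered, but as Web or InstalledClient: the type this answer
      // says still triggers the error.
      findings.push({ url: wanted, issue: "wrong-type", types });
    }
  }
  return findings;
}

// Constructed sample manifest fragment (not taken from a real tenant).
const sampleManifest = {
  replyUrlsWithType: [
    { url: "http://localhost:3000/", type: "Spa" },
    { url: "http://localhost:3030", type: "Web" },
  ],
};

console.log(
  auditSpaRedirects(sampleManifest, ["http://localhost:3000/", "http://localhost:3030"])
);
```
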



