AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption
I can reproduce your problem; you have to add the redirect URL under the web (not single page application). After that, you will be able to use the auth code flow to get the code.
Similar problem, see: here and here and here.
Author: user14504804
Updated on September 14, 2021

Comments
- user14504804 (almost 3 years): I created a spa application owned by my organization only, but there was a problem when I requested code. How can I resolve it?
- Carl Zhao (over 3 years): Try to change the platform configuration from SPA to Web. What is the result?
- w. Patrick Gale (over 2 years): This likely depends heavily on the type of application architecture you are using (not mentioned in the question). I received this error as well trying to use the AzureADProvider in Next-Auth (v4) for a NextJs app (standard NextJs server config - not custom server) with Azure configuration set to the SPA platform. However, when I switched to using @azure/msal-browser and @azure/msal-react I had to switch my Azure app platform back to SPA for the authentication to succeed.
- Rodney (over 2 years): Thank you, this and the Fiddler advice (here: docs.microsoft.com/en-us/answers/questions/270056/…) which exposed the fact that, regardless of what I had configured in azure for the site registration redirect uri, ms login was sending my redirect setting suffixed with "./.auth/login/aad/callback". Matching that in a "Web" registration profile got it working. Btw, I have a SPA, use MSAL2 and set redirectUri to "location.origin" which works for both local and published.
- norgie (about 2 years): When adding the Web platform, do you keep the SPA as well?
- oren revenge (about 2 years): Now I get a "Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type" THIS IS A CERTIFIED MICROSOFT MOMENT