AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption

I can reproduce your problem: you have to add the redirect URL under Web (not Single-page application). After that, you will be able to use the auth code flow to get the code.

Similar problem, see: here and here and here.

user14504804

Updated on September 14, 2021

Comments

  • user14504804
    user14504804 almost 3 years

    I created an SPA application owned by my organization only, but there was a problem when I requested a code. How can I resolve it?

    • Carl Zhao
      Carl Zhao over 3 years
      Try to change the platform configuration from SPA to Web. What is the result?
    • w. Patrick Gale
      w. Patrick Gale over 2 years
      This likely depends heavily on the type of application architecture you are using (not mentioned in the question). I received this error as well trying to use the AzureADProvider in NextAuth (v4) for a Next.js app (standard Next.js server config, not custom server) with the Azure configuration set to the SPA platform. However, when I switched to using @azure/msal-browser and @azure/msal-react I had to switch my Azure app platform back to SPA for the authentication to succeed.
  • Rodney
    Rodney over 2 years
    Thank you; this and the Fiddler advice (here: docs.microsoft.com/en-us/answers/questions/270056/…) exposed the fact that, regardless of what I had configured in Azure for the site registration redirect URI, MS login was sending my redirect setting suffixed with "./.auth/login/aad/callback". Matching that in a "Web" registration profile got it working. Btw, I have a SPA, use MSAL2 and set redirectUri to "location.origin", which works for both local and published.
  • norgie
    norgie about 2 years
    When adding the Web platform, do you keep the SPA as well?
  • oren revenge
    oren revenge about 2 years
    Now I get a "Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type" error. THIS IS A CERTIFIED MICROSOFT MOMENT