Open ericmort opened 1 year ago
Forgot to add that adding the Origin header solved the issue and I was authenticated as expected.
Apologies, the code I used was:
func AzureADAuthMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		client, err := public.New("my-app-id", public.WithAuthority("https://login.microsoftonline.com/my-tenant-id"))
		result, err := client.AcquireTokenInteractive(context.TODO(), []string{"openid"}, public.WithRedirectURI("http://localhost:8082"))
		if err != nil {
			c.String(http.StatusUnauthorized, "Unauthorized")
			c.Abort()
			return
		}
		c.Set("account", result)
		c.Next()
	}
}
GitHub removed some characters
Which version of MSAL Go are you using? Note that to get help, you need to run the latest version. 1.2.0
Where is the issue?
Is this a new or an existing app? This is a new app or an experiment.
What version of Go are you using (go version)? Go vers
What operating system and processor architecture are you using (go env)?
Repro
func AzureADAuthMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		client, err := public.New("", public.WithAuthority("https://login.microsoftonline.com/"))
		result, err := client.AcquireTokenInteractive(context.TODO(), []string{"openid"}, public.WithRedirectURI("http://localhost:8082"))
		if err != nil {
			c.String(http.StatusUnauthorized, "Unauthorized")
			c.Abort()
			return
		}
		c.Set("account", result)
		c.Next()
	}
}
Expected behavior
Expect browser window to open, select user and be redirected to the Go app. Then expect the code exchange to work and be authenticated.
Actual behavior
The code exchange does not work. I get the following error here: https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/c3591af567c769d83becf8a8129fb2d5c8c752f4/apps/public/public.go#L677
AADSTS9002327: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests.
Possible solution
Based on searching around, I tried adding an "Origin": "localhost:8082" in the addStdHeaders() function here: https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/c3591af567c769d83becf8a8129fb2d5c8c752f4/apps/internal/oauth/ops/internal/comm/comm.go#L319
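The workaround above edits the library's addStdHeaders(); the following added example (not code from this issue or from MSAL Go) sets the same header from outside the library with an http.RoundTripper that touches only token-endpoint POSTs. The resulting *http.Client can be passed to MSAL through public.WithHTTPClient. The names withOrigin, originTransport and NewOriginClient, the /oauth2/v2.0/token path match, and the http://localhost:8082 origin value are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// withOrigin returns req untouched unless it is a POST to the token endpoint
// on host; then it returns a clone carrying the Origin header.
func withOrigin(req *http.Request, host, origin string) *http.Request {
	isToken := req.Method == http.MethodPost &&
		strings.EqualFold(req.URL.Hostname(), host) &&
		strings.HasSuffix(req.URL.Path, "/oauth2/v2.0/token") // assumed v2.0 path
	if !isToken || req.Header.Get("Origin") != "" {
		return req
	}
	out := req.Clone(req.Context()) // a RoundTripper must not modify the caller's request
	out.Header.Set("Origin", origin)
	return out
}

// originTransport (hypothetical name) applies withOrigin to every request.
type originTransport struct {
	base         http.RoundTripper
	host, origin string
}

func (t *originTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	return t.base.RoundTrip(withOrigin(req, t.host, t.origin))
}

// NewOriginClient wraps base (http.DefaultTransport when nil).
func NewOriginClient(base http.RoundTripper, host, origin string) *http.Client {
	if base == nil {
		base = http.DefaultTransport
	}
	return &http.Client{Transport: &originTransport{base, host, origin}}
}

func main() {
	// Constructed request; the tenant segment is a placeholder.
	req, _ := http.NewRequest(http.MethodPost,
		"https://login.microsoftonline.com/TENANT-PLACEHOLDER/oauth2/v2.0/token", nil)
	out := withOrigin(req, "login.microsoftonline.com", "http://localhost:8082")
	fmt.Println("Origin sent:", out.Header.Get("Origin"))
}
```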