AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

CORS error for /token end point #3112

Closed Ganpatkakar closed 3 years ago

Ganpatkakar commented 3 years ago

Description

Server-side flow: .NET runs the initial authentication flow, obtains an id_token and serves it to the client-side React code. The client side uses this id_token and requests a token from Azure AD, but we are getting a CORS error for the /token endpoint. However, /openid-configuration returns proper data.

Using msal-browser (latest) with the configs below.

```typescript
import { LogLevel, PublicClientApplication } from '@azure/msal-browser';

// Class member; uiConfig and this.idToken (the id_token issued server-side) come from the surrounding app.
private msalConfig = {
  auth: {
    clientId: uiConfig.AdalConfig.clientId,
    authority: `${uiConfig.AdalConfig.instance}${this.idToken.tid}`,
    redirectUri: window.location.href,
    postLogoutRedirectUri: 'https://login.microsoftonline.com/common/oauth2/logout'
  },
  cache: {
    cacheLocation: 'localStorage',
    storeAuthStateInCookie: false
  },
  system: {
    loggerOptions: {
      loggerCallback: (level: LogLevel, message: string, containsPii: boolean) => {
        // Never log messages flagged as containing PII.
        if (containsPii) {
          return;
        }
        switch (level) {
          case LogLevel.Error:
            console.error(message);
            return;
          case LogLevel.Info:
            console.info(message);
            return;
          case LogLevel.Verbose:
            console.debug(message);
            return;
          case LogLevel.Warning:
            console.warn(message);
            return;
        }
      }
    }
  }
};
```

The instance is created with `this.msalInstance = new PublicClientApplication(this.msalConfig);`

And then ssoSilent is called:

```typescript
const silentRequest = {
  scopes: ['openid', 'profile', 'email', 'offline_access'],
  loginHint: this.idToken.preferred_username
};

try {
  const loginResponse = await this.msalInstance.ssoSilent(silentRequest);
  loggerService.info(`loginResponse ${loginResponse}`);
} catch (err) {
  loggerService.error(`msal error ${err}`);
}
```

ssoSilent is called to reuse the session already running on AAD and get a token: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/login-user.md#silent-login-with-ssosilent

The first-party portal is enabled with the explicit code flow.

And all the reply URLs are **Web** type.

jasonnutter commented 3 years ago

> First party portal is enabled with explicit code flow

@Ganpatkakar Redirect URIs used for MSAL.js v2 must be of the "spa" type. Please update those URLs and try again.

Ganpatkakar commented 3 years ago

@jasonnutter We made changes accordingly and it worked. Thank you so much for guiding us and giving your precious time. Thanks.