OAuth Cross-origin error

[andrefurlan-db]

Getting Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type. Request origin: 'http://localhost:8020/'. when using OAuth client with Azure.

It works if I remove the code for both u2m and m2m:

        if 'microsoft' in self._client.token_url:
            # Tokens issued for the 'Single-Page Application' client-type may
            # only be redeemed via cross-origin requests
            headers = {'Origin': self._client.redirect_url}

[nfx]

@andrefurlan-db but only SPA supports the PKCE auth... is dropping the PKCE verification something you want?

[andrefurlan-db]

No, but: Right now Azure does not work because of this error. Removing that code I pasted fixes the issue

[nfx]

@andrefurlan-db what your OAuth app configuration? should be something like this:

[andrefurlan-db]

No. Our partner documentation states app to be: "Public client/Native", not Single-page.

[nfx]

@andrefurlan-db in the requirements document you've provided, you emphasised about PKCE everywhere ;)

[andrefurlan-db]

Yes, like I mentioned, removing the Origin header fixes the issue and it works with PKCE. I don't understand what is this about? It is just wrong to add that header.

[nfx]

I'll cut a release on Friday (CET) with the fix for this

[andrefurlan-db]

Thanks!