nginxinc / nginx-openid-connect

Reference implementation of OpenID Connect integration for NGINX Plus
https://www.nginx.com/products/nginx/

update documentation - Azure AD IdP #80

Open nergalex opened 1 year ago

nergalex commented 1 year ago

Hello,

To support Azure AD as an IdP, it's necessary to set header Origin. If not, this issue here is encountered. Error looks like:

[error] 10#10: *1 js: OIDC error from IdP when sending authorization code: invalid_request, AADSTS9002327: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests.

Fix is to add proxy_set_header Origin $host; in locations /_token and /_refresh

Could you update the documentation?

Best Regards

ojuschugh1 commented 1 year ago

Hi, I am interested in this issue. Is this issue still open or closed?

Thanks and Regards

ag-TJNII commented 7 months ago

This proposed fix led me down a bad path. I found the fix to be to unset any headers from the client. https://github.com/nginxinc/nginx-openid-connect/pull/88

anderius commented 13 hours ago

This is still an issue, and is not specific to EntraID. It affects all IdPs.

I think @ag-TJNII has a good fix in https://github.com/nginxinc/nginx-openid-connect/pull/88, and hope that is merged soon.