Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.28.2

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

1.4.6

Public or Confidential Client?

Confidential

Description

Hi guys, I’m getting this error while trying to log in with ‘popup’ interaction.

Cross-origin token redemption is permitted only for the ‘Single-Page Application’ client-type. Request origin: ‘http://localhost:3000’.

Is there a way I can pass an extra property request origin to the request?

MSAL Configuration

import { LogLevel } from "@azure/msal-browser";

export const b2cPolicies = {
    names: {
        signUpSignIn: "B2C_1_SISOPolicy",
        editProfile: "B2C_1_ProfileEditPolicy"
    },
    authorities: {
        signUpSignIn: {
            authority: "https://login.microsoftonline.com/tfp/msidlabb2c.onmicrosoft.com/B2C_1_SISOPolicy"
        },
        editProfile: {
            authority: "https://login.microsoftonline.com/tfp/msidlabb2c.onmicrosoft.com/B2C_1_ProfileEditPolicy"
        }
    },
    authorityDomain: "login.microsoftonline.com"
}

// Config object to be passed to Msal on creation
export const msalConfig = {
    auth: {
        clientId: process.env.REACT_APP_AZURE_CLIENT_ID,
        authority: b2cPolicies.authorities.signUpSignIn.authority,
        knownAuthorities: [b2cPolicies.authorityDomain],
        redirectUri: process.env.REACT_APP_AZURE_REDIRECT_URI,
        postLogoutRedirectUri: process.env.REACT_APP_AZURE_POSTLOGOUT_REDIRECT_URI
    },
    cache: {
        cacheLocation: "localStorage",
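        // isIE, isEdge and isFirefox are browser-detection booleans assumed to be defined elsewhere in the app (not shown in the issue)
        storeAuthStateInCookie: isIE || isEdge || isFirefox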
    },
    system: {
        loggerOptions: {
            loggerCallback: (level, message, containsPii) => {
                if (containsPii) {
                    return;
                }
                switch (level) {
                    case LogLevel.Error:
                        console.error(message);
                        return;
                    case LogLevel.Info:
                        console.info(message);
                        return;
                    case LogLevel.Verbose:
                        console.debug(message);
                        return;
                    case LogLevel.Warning:
                        console.warn(message);
                        return;
                    default:
                        return;
                }
            }
        }
    }
};

Relevant Code Snippets

<MsalProvider instance={msalInstance}>
    <MsalAuthenticationTemplate
        interactionType={InteractionType.Popup}
        authenticationRequest={authRequest}
        errorComponent={ErrorComponent}
        loadingComponent={LoadingComponent}
    >
        <div>Profile Content</div>
    </MsalAuthenticationTemplate>
</MsalProvider>

Identity Provider

Azure AD / MSA

Source

External (Customer)

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 7 (5 by maintainers)

Top GitHub Comments

1 reaction
sameerag commented, Sep 14, 2022

@derisen Do we have docs demonstrating this?

@diamantisufi In your app registration, there is a left blade for Authentication:

[Image: Authentication Blade]

Once you go to the screen it has an option to Add a platform and you should be able to add the SPA type. Hope this helps.
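An added example, not part of the original issue or of MSAL's own code: a small check that reports under which platform a redirect URI is registered, which is what the fix above changes. It assumes the app registration is available as an object shaped like the Microsoft Graph application resource (`web`, `spa` and `publicClient`, each with `redirectUris`); the sample registration and function names are constructed for illustration, and URIs are compared as exact strings.

```javascript
// Constructed sample: the redirect URI sits under the "Web" platform only,
// the situation that produces the error reported in this issue.
const sampleApp = {
  displayName: "constructed-sample-app",
  web: { redirectUris: ["http://localhost:3000"] },
  spa: { redirectUris: [] },
  publicClient: { redirectUris: [] },
};

// Return the platforms under which redirectUri is registered.
// Missing platform sections are treated as empty.
function platformsFor(app, redirectUri) {
  return ["spa", "web", "publicClient"].filter((platform) =>
    (app[platform]?.redirectUris ?? []).includes(redirectUri)
  );
}

// Diagnose the redirect URI used by a browser (MSAL.js) client.
function diagnoseSpaRedirect(app, redirectUri) {
  const found = platformsFor(app, redirectUri);
  if (found.includes("spa")) {
    return { ok: true, reason: "registered under the SPA platform" };
  }
  if (found.length > 0) {
    return {
      ok: false,
      reason: `registered under ${found.join(", ")} only; add it under the Single-page application platform`,
    };
  }
  return { ok: false, reason: "not registered under any platform" };
}

console.log(diagnoseSpaRedirect(sampleApp, "http://localhost:3000"));
```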

0 reactions
diamantisufi commented, Sep 27, 2022

@sameerag it solved my issue, thanks!
