How to enable CORS in an Azure App Registration when used in an OAuth Authorization Flow with PKCE?

javascript azure oauth-2.0 pkce

Okay, after days of banging my head against the stupidity of Azure's implementation I stumbled upon a little hidden nugget of information here: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser#prerequisites

If you change the type of the redirectUri in the manifest from 'Web' to 'Spa' it gives me back an access token! We're in business!It breaks the UI in Azure, but so be it.

javascript azure oauth-2.0 pkce

You should define the internal url with your local host address.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-understand-cors-issues

javascript azure oauth-2.0 pkce

When I first posted, the Azure AD token endpoint did not allow CORS requests from browsers to the token endpoint, but it does now. Some Azure AD peculiarities around scopes and token validation are explained in these posts and code in case useful:

CodeHunter

How to enable CORS in an Azure App Registration when used in an OAuth Authorization Flow with PKCE?

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last