AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application'

Question

I am trying to send cross origin request to get access token on my React spa app localhost. I got the first 'Access-Control-Allow-Origin' error, to solve it I defined proxy to webpack.

When I run the code block below, I get 400 bad request errors.

Proxy code
'/payment': {
  target: 'https://apitest.domain.com',
  changeOrigin: true,
  secure: false,
  pathRewrite: { '^/payment': '' },
}
-------------------
  async getPaymentAccessToken() {
    const msg = await request<PaymentAccessTokenResponse>(`/payment/accesstoken/get`, {
      method: 'POST',
      prefix: undefined,
      credentials: 'include',
      headers: {
        client_id: this.client.client_id,
        client_secret: this.client.client_secret,
        'Ocp-Apim-Subscription-Key': this.client['payment-Subscription-Key'],
        'Merchant-Serial-Number': this.client['Merchant-Serial-Number']!,
      },
    });

    return msg;
  }

{"error":"invalid_request","error_description":"AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type.\r\nTrace ID: 0c7f2993-b612-434d-9cee-244e88f51600\r\nCorrelation ID: 45d80262-c77f-487b-a95b-4566c736e1bc\r\nTimestamp: 2022-06-07 19:14:30Z","error_codes":[9002326],"timestamp":"2022-06-07 19:14:30Z","trace_id":"0c7f2993-b612-434d-9cee-244e88f51600","correlation_id":"45d80262-c77f-487b-a95b-4566c736e1bc","error_uri":"https://login.windows.net/error?code=9002326"}

score 5 · Answer 1 · answered Jun 16 '22 at 04:57

5

Make sure Azure app is registered for SPA platform. You can refer Microsoft official doc This should solve the issue.

check more config options and samples here

answered Jun 16 '22 at 04:57

Ajin

87
1
8

The Azure app is not mine. I'm just trying to access services. – CodAvo Jun 16 '22 at 11:22

AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application'

1 Answers1