Hello @Chandan Tiwari ,
Thanks for reaching out.
Looking at above correlation ID, it seems that application (client_id) which is involved in this flow was registered in Azure AD as Web app platform type but whereas token requested from a JavaScript single-page application (SPA) using auth code flow.
Therefore, to fix the issue, the application must be configured as Single-Page application instead web app platform in Azure AD app registration by including unique reply URL as shown below (or) make sure the token request not include an Origin header
, if being sent from a non-browser client.
To update an existing redirect URI to enable CORS, open the manifest editor and set the type
field for your redirect URI to spa
in the replyUrlsWithType
section
Once updated then you would see Single-page application added as authentication platform:
Hope this helps.
------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.