Cross-origin token redemption is permitted only for the 'Single-Page Application

Munur Acar 0 Reputation points
2024-02-16T13:40:34.8566667+00:00

Explanation of the error: The error we're encountering, AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type, indicates that your Azure AD registered app is trying to redeem a token from a different origin (in this case, https://tenannamet.sharepoint.com) than what Azure AD allows for its configuration. This restriction is in place to prevent security vulnerabilities associated with cross-origin resource sharing (CORS).

Explanation of the script: This JavaScript function, getAccessToken, is designed to asynchronously request an access token from Microsoft's OAuth 2.0 token endpoint for the Microsoft Graph API. It uses jQuery's AJAX methods for the HTTP request and Deferred object for handling asynchronous operations. Here's a breakdown of its key components.

The script we use:
```javascript
// Token obtained by the last successful call (the original assigned an undeclared global).
var token;

// Requests an app-only (client_credentials) token for Microsoft Graph. The request
// goes through a CORS proxy (outlookadd-in.herokuapp.com) placed in front of the
// Azure AD v2.0 token endpoint.
function getAccessToken() {
    var deferred = $.Deferred();
    $.ajax({
        type: "POST",
        crossDomain: true,
        // The proxy URL is prefixed to the token endpoint; both must be one quoted string.
        url: "https://outlookadd-in.herokuapp.com/https://login.microsoftonline.com/tenantName.onmicrosoft.com/oauth2/v2.0/token",
        headers: { "content-type": "application/x-www-form-urlencoded" },
        data: {
            grant_type: "client_credentials",
            client_id: "client id value here",
            client_secret: "client secret value here",
            scope: "https://graph.microsoft.com/.default"
        },
        success: function (data) {
            token = data.access_token;
            // Resolve with the token so callers of the promise receive it.
            deferred.resolve(token);
        },
        // jQuery's error callback receives (jqXHR, textStatus, errorThrown).
        error: function (jqXHR, textStatus, errorThrown) {
            console.log(jqXHR.responseJSON || jqXHR.responseText, textStatus, errorThrown);
            // Reject so callers are notified instead of waiting forever.
            deferred.reject(jqXHR);
        }
    });
    return deferred.promise();
}
```

Note: using Postman, we successfully get the access token; when using it in SharePoint we get the error message:
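Added example, not code from the original post or from Microsoft: the same client_credentials redemption moved to a Node.js backend. The error in the question is raised because the token is redeemed directly from the browser, which Azure AD only permits for a registration of the 'Single-Page Application' type (and that type uses the authorization code flow with PKCE, which involves no client secret). A client_credentials grant carries a client secret, so it belongs on a server; the script above ships that secret to every user of the SharePoint page and additionally routes it through a third-party proxy host. The names TENANT, TOKEN_ENDPOINT, buildTokenRequest, parseTokenResponse and fetchAppToken are assumptions chosen for this example, and the tenant value is a placeholder.

```javascript
// Added example (not from the original post): server-side client_credentials
// redemption for Microsoft Graph, keeping the client secret out of the browser.
// Assumed names: TENANT, TOKEN_ENDPOINT, buildTokenRequest, parseTokenResponse,
// fetchAppToken. Requires Node 18+ for the global fetch.

const TENANT = process.env.AAD_TENANT || "tenantName.onmicrosoft.com"; // placeholder tenant
const TOKEN_ENDPOINT = `https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/token`;
const GRAPH_SCOPE = "https://graph.microsoft.com/.default";

// Refuse to run anywhere a client secret would be delivered to end users.
function assertServerSide() {
  if (typeof window !== "undefined" || typeof document !== "undefined") {
    throw new Error("client_credentials must run on a server: a secret in browser code is exposed to every user");
  }
}

// Build the token request without sending it. The secret comes from server-side
// configuration (environment, key vault), never from page markup.
function buildTokenRequest(clientId, clientSecret, scope = GRAPH_SCOPE) {
  assertServerSide();
  if (!clientId || !clientSecret) {
    throw new Error("client_id and client_secret are required");
  }
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret,
    scope,
  });
  return {
    url: TOKEN_ENDPOINT,
    method: "POST",
    headers: { "content-type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Turn the endpoint's JSON into a result object so AADSTS error codes (such as
// 9002326 from the question) reach the caller instead of only console.log.
function parseTokenResponse(status, payload) {
  if (status === 200 && typeof payload.access_token === "string") {
    return { ok: true, token: payload.access_token, expiresIn: payload.expires_in };
  }
  const codes = Array.isArray(payload.error_codes) ? payload.error_codes : [];
  return {
    ok: false,
    error: payload.error || `http_${status}`,
    codes,
    description: payload.error_description || "",
  };
}

// Redeem the token. fetchImpl is injectable so the flow can be exercised offline.
async function fetchAppToken(clientId, clientSecret, fetchImpl = globalThis.fetch) {
  const req = buildTokenRequest(clientId, clientSecret);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  let payload = {};
  try {
    payload = await res.json();
  } catch (_) {
    // Non-JSON body: reported as an error by parseTokenResponse.
  }
  return parseTokenResponse(res.status, payload);
}
```

The browser-side page then calls this backend (which can apply its own authentication and rate limits) and never sees the secret; the backend in turn talks to login.microsoftonline.com directly, so no CORS proxy is needed.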


1 answer

  1. Sergio Rezende 0 Reputation points
    2024-05-08T18:19:00.29+00:00

    Do not use it since Microsoft does not have an answer for its own logic and MSDN is always deprecated, incorrect, missing information and too complex. It will take decades to understand thousands of different terms, logic, fields, configurations just to achieve a simple thing: authenticate a user using Identity: MSAL, AzureAD, Graph, IDownstreamApi, Oauth2, OpenConnect, Scope, App Registration, Enterprise Registration... and when you find something you will see everyone using thousands of different approaches as well.
