Trying to configure Auth0 for Microsoft authentication

Jennifer Martinson 0 Reputation points
2025-05-23T20:17:29.3333333+00:00

Trying to configure Auth0 to utilize Microsoft authentication, and I keep running into this error:

AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption error in msal react application.

I've searched all over Stack Overflow and tried to double check the URIs and callbacks that are utilized, but it still won't connect from Auth0. I'm sure it's some small setting I don't know about, but I could use some help identifying the actual problem.


2 answers

  1. Jinnie Nguyen 310 Reputation points Independent Advisor
    2025-05-26T09:25:18.05+00:00

    Hello Jennifer Martinson,

    This is a common issue when integrating Microsoft identity platform with Auth0 or other third-party identity providers using OAuth 2.0 Authorization Code Flow—especially in Single Page Applications (SPAs) like those built with MSAL React.

    1. Ensure PKCE Is Enabled in Auth0

    • In your Auth0 Application settings, make sure:
        • Application Type is set to Single Page Application.
        • Token Endpoint Authentication Method is set to None (since SPAs are public clients).
        • Use PKCE is enabled (this is default for SPAs).

    2. Use Authorization Code Flow with PKCE in MSAL React

    • MSAL React (v2+) supports PKCE by default.
    • Ensure you're using loginRedirect or loginPopup with the correct configuration.

    3. Redirect URI Consistency

    • Make sure the redirect URI used in:
        • Your Auth0 configuration
        • Your Azure App Registration
        • Your MSAL config

      ...are exactly the same (including trailing slashes).

    If I have answered your question, please accept this as answer as a token of appreciation and don't forget to thumbs up for "Was it helpful"!

    Best regards,


  2. Bandela Siri Chandana 3,055 Reputation points Microsoft External Staff Moderator
    2025-05-26T09:25:41.4666667+00:00

    Hi @Jennifer Martinson
    I understand that you are encountering AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption error in msal react application when trying to configure Auth0 to utilize Microsoft authentication.

    The redirect URI of the external SSO/IdP should be registered as "Web" instead of SPA.

    After updating the platform configuration in Microsoft Entra tenant application from SPA to Web, you will be able to resolve the AADSTS9002325 error by specifying the Web platform.

    Hope this helps. Do let us know if you have any further queries.
    If this answers your query, do click `Accept Answer` and `Yes`.
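
An added example, not part of either answer above and not Microsoft or Auth0 tooling: a JavaScript check that looks up a redirect URI in an app registration's `web`, `spa` and `publicClient` sections (the layout of the Microsoft Graph application object), flags the trailing-slash near-matches mentioned in the first answer, and reports a URI registered under a different platform than expected, as in the second answer. The manifest, the Auth0-style callback URL and all function names are constructed for illustration.

```javascript
// Constructed sample data: the external IdP callback is registered under
// "spa" and with a trailing slash, the two problems raised in the answers.
const sampleApp = {
  web: { redirectUris: ["https://app.example.com/callback"] },
  spa: { redirectUris: ["https://example-tenant.auth0.com/login/callback/"] },
  publicClient: { redirectUris: [] },
};

// Loose form used only to detect near-matches; the real comparison is exact.
function loosen(uri) {
  const u = new URL(uri);
  return (u.origin + u.pathname.replace(/\/+$/, "")).toLowerCase();
}

// Find every platform section where the URI (or a near-match) is registered.
function findRegistrations(app, uri) {
  const hits = [];
  for (const platform of ["web", "spa", "publicClient"]) {
    for (const registered of app[platform]?.redirectUris ?? []) {
      if (registered === uri) {
        hits.push({ platform, registered, exact: true });
      } else if (loosen(registered) === loosen(uri)) {
        hits.push({ platform, registered, exact: false });
      }
    }
  }
  return hits;
}

// Return a list of findings; an empty list means the registration is consistent.
function auditRedirectUri(app, uri, expectedPlatform) {
  const findings = [];
  const hits = findRegistrations(app, uri);
  if (hits.length === 0) findings.push(`not-registered: ${uri}`);
  for (const h of hits) {
    if (!h.exact) {
      findings.push(`near-match: registered as ${h.registered} under ${h.platform}`);
    }
    if (h.platform !== expectedPlatform) {
      findings.push(`wrong-platform: ${h.registered} is under ${h.platform}, expected ${expectedPlatform}`);
    }
  }
  return findings;
}

console.log(auditRedirectUri(sampleApp, "https://example-tenant.auth0.com/login/callback", "web"));
```

Pass the redirect URI exactly as the identity provider sends it, plus the platform you expect it under; both findings for the sample disappear once the URI is listed under `web` without the trailing slash.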

