Azure App Registration causing the following error: cross-origin token redemption is permitted only for the 'Single-Page Application' client type.

Owen Coyle 1 Reputation point
2021-03-15T18:35:16.177+00:00

Hello!
I am currently setting up Azure to work with Alteryx, so I can connect straight to OneDrive via their tools. This is done through the following documentation (https://community.alteryx.com/t5/Alteryx-Designer-Knowledge-Base/Tool-Mastery-One-Drive/ta-p/299125)
Through following this exactly I received the following error:
77836-onedrive1.png

I struggled to find anything about this online, apart from this:
https://msft.it/6011VKSyT
Which I followed to turn it into a Single Page Application, but received the following:
77906-onedrive2.png

The only other thing I found was: msft.it/6013VKSyV
To which I received the following error:

77907-onedrive3.png

As the Alteryx documentation asks for the reply URL type to be web, I suspect this isn't the issue. Any help on this one would be massively appreciated!

Thanks,
Owen

  1. Juan Yataco 1 Reputation point
    2022-08-10T17:10:27.68+00:00

    I've been testing with Postman, but I don't know how to put XHR in Postman. I am new to B2C and need to consume the Graph API. I would be very grateful for any help.

    This is my error with Postman:
    {
    "error": "invalid_request",
    "error_description": "AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type. Request origin: 'chrome-extension://sdfsdgfgdfgdfgfdggfgnfdnfdsbmfm'.\r\nTrace ID:XXXXX-XXXXX-XXXXXX\r\nCorrelation ID: XXXXX-XXX-XXXX-XXXX\r\nTimestamp: 2022-08-10 17:11:25Z",
    "error_codes": [
    9002326
    ],


  2. Mike Kaply 6 Reputation points
    2022-10-18T18:02:50.29+00:00

    Somehow this situation has gotten worse?

    The error message is now:

    AADSTS90023: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type or 'Native' client-type with origin registered in AllowedOriginForNativeAppCorsRequestInOAuthToken allow list.

    But AllowedOriginForNativeAppCorsRequestInOAuthToken does not exist in any documentation anywhere on the internet.

    I thought maybe it needed to go in the manifest, but that didn't work.

    I don't understand why Microsoft is so terrible at writing documentation for this.


  3. Tejas Soni 0 Reputation points
    2024-02-22T09:45:54.2866667+00:00

    I also faced this issue the first time I requested a new access token and refresh token from the Microsoft endpoint https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token (tenant: common). Got this error:

    AADSTS90023: Tokens issued for the 'Single-Page Application' client-type should only be redeemed via cross-origin requests. If your client does not send the Origin header, you should register it as a 'Native' client-type instead.
    

    When I tried to send "Origin" = false in the Headers, it works for me. Also sending Origin as "" or null in the Headers is working for me. I think the issue is with not sending the "Origin" key in the Headers.

    Please try it out if it works for you. Thanks

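For anyone triaging these responses, here is an added example (not code from any answer in this thread or from Microsoft) that parses a token-endpoint error body and reports which side of the Origin / client-type mismatch it describes. The function name, the finding labels and the sample body are assumptions made for illustration.

```python
import json
import re

# Constructed sample shaped like the error body quoted in the first answer;
# the origin and the IDs are placeholders, not real values.
SAMPLE_BODY = json.dumps({
    "error": "invalid_request",
    "error_description": (
        "AADSTS9002326: Cross-origin token redemption is permitted only for "
        "the 'Single-Page Application' client-type. Request origin: "
        "'chrome-extension://example'.\r\nTrace ID: XXXXX\r\n"
        "Correlation ID: XXXXX\r\nTimestamp: 2022-08-10 17:11:25Z"
    ),
    "error_codes": [9002326],
})

# Message fragments taken from the errors quoted in this thread. The thread
# shows AADSTS90023 with two opposite wordings, so match on text, not on code.
ORIGIN_SENT = "Cross-origin token redemption is permitted only"
ORIGIN_MISSING = "should only be redeemed via cross-origin requests"


def diagnose(body: str) -> dict:
    """Hypothetical helper: classify an error body by the mismatch it reports."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return {"code": None, "origin": None, "finding": "not_json"}
    desc = data.get("error_description", "")
    code = re.match(r"AADSTS\d+", desc)
    origin = re.search(r"Request origin: '([^']*)'", desc)
    if ORIGIN_SENT in desc:
        # An Origin header was sent, but the registered client type does not
        # permit cross-origin redemption.
        finding = "origin_sent_client_not_spa"
    elif ORIGIN_MISSING in desc:
        # The client is the SPA client-type, but no Origin header was sent.
        finding = "spa_client_origin_missing"
    else:
        finding = "unrelated"
    return {
        "code": code.group(0) if code else None,
        "origin": origin.group(1) if origin else None,
        "finding": finding,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_BODY))
```

The extracted origin shows which caller attached the Origin header, which is the value to compare against how the redirect URI is registered.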