"error":"invalid_request","error_description":"AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application

Shrikant Bhagwat 146 Reputation points
2025-08-29T23:34:20.2633333+00:00

We moved one OAuth/OIDC app from an on-prem IdP, with identical settings in Entra. We get an access token, but in the Fiddler trace we see the following error in the header.

Getting the following: {"error":"invalid_request","error_description":"AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type. Request origin: 'https://anes-conference-dev.med.umich.edu'. Trace ID: f9581b04-ab3f-466d-ab9a-3f73c6854500 Correlation ID: 36710781-6227-4247-b5f0-f94a1addb963 Timestamp: 2025-08-29 23:05:23Z","error_codes":[9002326],"timestamp":"2025-08-29 23:05:23Z","trace_id":"f9581b04-ab3f-466d-ab9a-3f73c6854500","correlation_id":"36710781-6227-4247-b5f0-f94a1addb963","error_uri":"https://login.microsoftonline.com/error?code=9002326","claims":"{"access_token":{"capolids":{"essential":true,"values":["e5ae914d-5b70-4b89-9868-6b6195ca285e"]}}}"}

Here is the config:

[Image: 2025-08-29_19-29-54]

Let us know what to change on the Entra side.

Microsoft Security | Microsoft Entra | Microsoft Entra ID