AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type. Request origin: 'capacitor://localhost'


I have an Ionic app that needs to authenticate in Azure and I followed this Stack Overflow post: Ionic and MSAL Authentication

All went fine except for iOS, where I'm getting

AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type. Request origin: 'capacitor://localhost'

I did try to register this URL under the mobile and desktop URLs, as SPA needs to have http or https, so this is not valid...

Does anyone know how to fix this issue?

Thank you


Answer by Rukmini

The error "Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type" usually occurs if the Microsoft Entra ID application is not configured as a SPA while you are making use of SPA authentication.

In your case, as your redirect URL is capacitor://localhost, you cannot configure it as a SPA, because the SPA platform supports only http or https. Refer to this MsDoc.

Hence, to resolve the error, either configure the application as a Mobile and desktop application and use your custom capacitor://localhost redirect URL:


For example:

import MSAL

// The redirect URI here must match the entry registered under the
// "Mobile and desktop applications" platform for this client ID
// (e.g. capacitor://localhost); custom schemes are allowed there.
do {
    let authority = try MSALAADAuthority(url: URL(string: "https://login.microsoftonline.com/common")!)
    let config = MSALPublicClientApplicationConfig(clientId: "your-client-id",
                                                   redirectUri: "your-customredirect-uri",
                                                   authority: authority)
    let application = try MSALPublicClientApplication(configuration: config)
    // use `application` to acquire tokens interactively or silently
} catch let error as NSError {
    print("Failed to create MSAL application: \(error)")
}

Otherwise, if you want to make use of SPA authentication, then you need to use some other http or https redirect URL and configure the application as a Single-page application:


// Cordova/Ionic InAppBrowser: watch every navigation in the login window
// and catch the redirect back to the registered (http/https) SPA redirect URL.
browser.on('loadstart').subscribe(event => {
  // Fires on any URL containing "code"; the SPA auth code flow returns
  // code=...&state=... on the registered redirect URL.
  if (event.url.includes('code')) {
    browser.close();
    // Replace everything before the '#' fragment with the app's own origin
    // (elided as http://*** in the original answer) so the app page,
    // rather than the InAppBrowser, receives the authorization code.
    const domain = event.url.split('#')[0];
    const url = event.url.replace(domain, 'http://***');
    console.log('will redirect to:', url);
    window.location.href = url;
  }
});
  • By default, you cannot add a custom redirect URL to the SPA platform.

Reference:

Use redirect URIs with MSAL (iOS/macOS) - Microsoft identity platform | Microsoft