nginxinc/nginx-openid-connect

update documentation - Azure AD IdP

nergalex opened this issue · 4 comments

Hello,

To support Azure AD as an IdP, it's necessary to set the Origin header. If not, this issue here is encountered.
Error looks like: [error] 10#10: *1 js: OIDC error from IdP when sending authorization code: invalid_request, AADSTS9002327: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests.

The fix is to add proxy_set_header Origin $host; in locations /_token and /_refresh.

Could you update the documentation?

Best Regards

Hi,
I am interested in this issue. Is this issue still open or closed?

Thanks and Regards

This proposed fix led me down a bad path. I found the fix to be to unset any headers from the client. #88

This is still an issue, and is not specific to EntraID. It affects all IdPs.

I think @ag-TJNII has a good fix in #88, and hope that is merged soon.

Now that the PR is merged, is there a planned milestone? Too late for 4.0.0, maybe?