Trying to get access token in Nitro from Microsoft Entra ID where app is setup as SPA fails due to CORS #7929

arif-hanif · 2025-01-14T12:45:35Z

Product

Nitro

Version

23.0.2

Link to minimal reproduction

https://hotchocolategraphql.slack.com/archives/C02A2NX3WAH/p1732026469001429

Steps to reproduce

The authorize endpoint is working just fine and returns a code challenge but obtaining access token fails due to below.

Either on the Desktop or Web obtaining token returns bad request 400 error, using postman with same settings returns the same error but when the origin value is modified in postman a successful token is obtained.

In Nitro the origin field does not seem to be passed in to the request header.

What is expected?

Access token to be returned

What is actually happening?

Bad request due to CORS

Relevant log output

Additional context

No response

github-actions bot added the 🌶️ nitro label Jan 14, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trying to get access token in Nitro from Microsoft Entra ID where app is setup as SPA fails due to CORS #7929

Trying to get access token in Nitro from Microsoft Entra ID where app is setup as SPA fails due to CORS #7929

arif-hanif commented Jan 14, 2025

Trying to get access token in Nitro from Microsoft Entra ID where app is setup as SPA fails due to CORS #7929

Trying to get access token in Nitro from Microsoft Entra ID where app is setup as SPA fails due to CORS #7929

Comments

arif-hanif commented Jan 14, 2025

Product

Version

Link to minimal reproduction

Steps to reproduce

What is expected?

What is actually happening?

Relevant log output

Additional context