'Adding two platforms to App Registration causes CORS error for local development
I developed an SSO app (Angular) that needs authenticatioin through the Azure Identity Platform. In this way I can call downstream services that are protected via Azure Identity.
To make this work I added a platform for "Single page application" under the "Authentication" pane in Azure App Registrations.
But I also have a WPF application that also needs to call the same services.
This means that my WebApp and also the WPF app need to obtain tokens for the same services.
For this I added two platforms to my App registration like this:
This works fine. Users can authenticate in the webapp and also in the WPF app.
But however, if I am developing my web app I cannot get tokens for my development system.
This is because when the token is requested from my webapp a CORS error appears.
Adding "Mobile and desktop applications" platform causes the token endpoint to NOT attach an Allow-all origin header to the response headers of the token endpoint.
This makes it impossible to call my app from the development system.
Removing the "localhost" Redirect URL from the list of the "Mobile and desktop applications" resolves the error, but now my WPF users cannot authenticate anymore.
Anyone has a proposal what to do about this? How can the Allow-all header be added to tokens returned to "localhost"?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|