Proof Key for Code Exchange is required for cross-origin authorization code redemption

I have a simple Angular application that needs to use Azure AD for authentication. I’ve set up all the redirect URLs correctly using the following guide:

Now I’m getting the following error after logging in on the Office365 side:

Sorry, but we’re having trouble signing you in.

AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption.

It seems I need to do the following:

Under implementation it says to follow the quick starts for PKCE, which is what I was doing in the first place. Is there something additional I need to change on my application?

Hi @scubed2010,

Welcome to the Community!

How did you set up your Angular app? Are you using a quickstart, or auth0-spa-js? Can you confirm that the app is registered as a SPA in the Auth0 dashboard under app settings?

Let me know,
Dan

Thanks @dan.woda for getting back to me. I just downloaded the quickstart which appears to be using:

@auth0/auth0-spa-js

I’ve attached screenshots as a reference.

It should just work. Can you DM me the name of your tenant so I can take a look at your errors?

Also, how are you getting this error? Is it coming from a failed API call?

Thanks Dan. That was my expectation as well. Here is my tenant URL:

jkb.us.auth0.com

I believe this is what you need.

Once the Angular app is running I do the following screen flow:

  • auth1.png
  • auth2.png
  • auth3.png



Please let me know if you need any further information.

Thanks for the added info. I am not seeing anything by just looking at your tenant config. Can you record a HAR file of the error and send it to me in a DM?

Thanks Dan, I’ve attached the HAR.

Note, I do see the 404 with the following call:

https://jkb.us.auth0.com/user/ssodata

However, after Googling, it seems this shouldn’t be an issue. However, I’m probably missing something.

Hi @scubed2010,

I took a look at this today and was unable to find a cause of the error. It looks like you also filed a support ticket and that has been escalated to a senior support engineer. I am going to let them take it from here.

I’ll update this post when we have a solution.

Feel free to post any other questions you have :smile:

-Dan

Hi Dan,

I did create a support ticket here:

I’m hopeful they will get back to me soon. Do you think it would be helpful if I created a screen share going through the entire process within Auth0, Azure, and in my Angular application?

Thanks,

Kyle

Problem solved. You must add the redirect URLs under Web, not single page application. After that, indeed it does just work (see attached).

I’m not sure that this is very clear based on the documentation. Did I miss it anywhere?


Thanks for letting us know!
