Dec 20 2023 04:37 AM
Hello together,
after last update I get the message "AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption."
The admin center is registered in Azure. URi has migrated to SPA as recommended by the notice. Windows domain login works and Azure MFA fails after successful login with said error. When I switch the Uri to Web, the problem doesn't occur. First when I want to connect via configuration accounts to the Azure account get a different error message "AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type"
Does anyone else have the problem ?
Jan 05 2024 03:01 AM
Yes it seems to affect people that use Azure registration with MFA enabled.
Try to unregister and register again using the same app is (Note it)
If this doesn't help unregister and delete the app via Entra business applications remove Filter search for Admin Center.
Make sure this is 2311 release not the preview anymore. The preview had that issue.
Jan 05 2024 03:22 AM
Hello,
I installed the update via the admin center on 18.12.2023.
I deleted the app and set it up again. Once directly in Azure and then again via the admin center.
I can only log in with MFA if the app is set up with WEB and not as a SPA.
However, if I then try to log in to my Azure account under the settings, the following message comes up
Type
Error
Message
9002326 - [2024-01-05 11:19:33Z]: AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type. Request origin:
Jan 06 2024 08:18 AM - edited Jan 06 2024 08:18 AM
ok please contact Microsoft Azure Support then, they are responsible for Windows Admin Center.
Also consider to open a feedback on aka.ms/wacfeedback. I am quite sure i have the same issues with WAC and onboarding to Azure when protected with MFA.
Jan 23 2024 03:27 AM