[Bug] Get

[ericmort]

Which version of MSAL Go are you using?
Note that to get help, you need to run the latest version.
1.2.0

Where is the issue?

• Public client
  • Device code flow
  • Username/Password (ROPC grant)
  • Authorization code flow
• Confidential client
  • Authorization code flow
  • Client credentials:
    • client secret
    • client certificate
• Token cache serialization
  • In-memory cache
• Other (please describe)

Is this a new or an existing app?
This is a new app or an experiment.

What version of Go are you using (go version)?
Go vers

$ go version go1.21.1 darwin/amd64

What operating system and processor architecture are you using (go env)?

go env Output

$ go env
GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/Users/ericmortensen/Library/Caches/go-build'
GOENV='/Users/ericmortensen/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='darwin'
GOINSECURE='proxy.golang.org/*,github.com,github.com/*'
GOMODCACHE='/Users/ericmortensen/go/pkg/mod'
GONOPROXY='proxy.golang.org/*,github.com,github.com/*'
GONOSUMDB='proxy.golang.org/*,github.com,github.com/*'
GOOS='darwin'
GOPATH='/Users/ericmortensen/go'
GOPRIVATE='proxy.golang.org/*,github.com,github.com/*'
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/Cellar/go/1.21.1/libexec'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/Cellar/go/1.21.1/libexec/pkg/tool/darwin_amd64'
GOVCS=''
GOVERSION='go1.21.1'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='cc'
CXX='c++'
CGO_ENABLED='1'
GOMOD='/Users/ericmortensen/Projects/baas/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/s8/yss6gwtx5zv0qqlkd8h15xcc0000gn/T/go-build1961895256=/tmp/go-build -gno-record-gcc-switches -fno-common'

Repro

func AzureADAuthMiddleware() gin.HandlerFunc { return func(c *gin.Context) { client, err := public.New("", public.WithAuthority("https://login.microsoftonline.com/")) result, err := client.AcquireTokenInteractive(context.TODO(), []string{"openid"}, public.WithRedirectURI("http://localhost:8082")) if err != nil { c.String(http.StatusUnauthorized, "Unauthorized") c.Abort() return } c.Set("account", result) c.Next() }

}


Expected behavior
Expect browser window to open, select user and be redirected to the Go app. Then expect the code exchange to work and be authenticated.

Actual behavior
The code exchange does not work. I get the following error here:

microsoft-authentication-library-for-go/apps/public/public.go

Line 677 in c3591af

token, err := pca.base.Token.AuthCode(ctx, req)

AADSTS9002327: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests.

Possible solution
Based on searching around I tried adding a "Origin": "localhost:8082" in the addStdHeaders() function here:

microsoft-authentication-library-for-go/apps/internal/oauth/ops/internal/comm/comm.go

Line 319 in c3591af

return headers

[ericmort]

Forgot to add that adding the Origin header solved the issue and I was authenticated as expected.

[ericmort]

apologies, the code I used was:

func AzureADAuthMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		client, err := public.New("my-app-id", public.WithAuthority("https://login.microsoftonline.com/my-tenant-id"))
		result, err := client.AcquireTokenInteractive(context.TODO(), []string{"openid"}, public.WithRedirectURI("http://localhost:8082"))
		if err != nil {
			c.String(http.StatusUnauthorized, "Unauthorized")
			c.Abort()
			return
		}
		c.Set("account", result)
		c.Next()
	}

}
Github removed some characters