You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Refresh tokens from single page applications (like the azure portal) error out with error code AADSTS7000.
Command: azurehound -r "<refresh_token>" list --tenant "example.onmicrosoft.com" -o output.json
Tested the same command with a MSgraph refresh token and that did work.
azurehound version v2.1.9
Refresh tokens from single page applications (like the azure portal) error out with error code AADSTS7000.
Command:
azurehound -r "<refresh_token>" list --tenant "example.onmicrosoft.com" -o output.jsonTested the same command with a MSgraph refresh token and that did work.
I assume the issue lies in the fact that it needs the origin key in the header of the request.
MS documentation: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#redirect-uris-for-single-page-apps-spas
Perhaps something across the lines of (in the http.go, NewRequest function):
req.Header.Set("Origin", "example.com")
Curious to hear any thoughts.
The text was updated successfully, but these errors were encountered: