[
https://issues.apache.org/jira/browse/GUACAMOLE-1668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583084#comment-17583084
]
Hiram Amador commented on GUACAMOLE-1668:
-----------------------------------------
I'm going to drop this here
[OAuth 2.0 implicit grant flow - The Microsoft identity platform - Microsoft
Entra | Microsoft
Docs|https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow]
Also one of the top headlines mentions how implicit flow might not work where
browsers block third party cookies. Microsoft recommendation is to move
authorization code flow instead of implicit.
> OpenID implementation of Azure not compatible with Get request
> --------------------------------------------------------------
>
> Key: GUACAMOLE-1668
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1668
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-openid
> Affects Versions: 1.4.0
> Reporter: Hiram Amador
> Priority: Minor
>
> I just noticed in the logs that the token URL is requested using a get method
> in guacamole.
> When trying to use a get with the Microsoft token page, an HTML file is sent
> with an error message saying that the only acceptable methods for the token
> page are POST or OPTION.
> The OpenID implementation might need a way to configure the token request to
> use POST or OPTION to retrieve the token.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
