Refresh command with tokens from single page applications error out with code 7000 #91

@madret

azurehound version v2.1.9

Refresh tokens from single page applications (like the azure portal) error out with error code AADSTS7000.
Command: azurehound -r "<refresh_token>" list --tenant "example.onmicrosoft.com" -o output.json

Tested the same command with an MS Graph refresh token and that did work.

I assume the issue lies in the fact that it needs the origin key in the header of the request.
MS documentation: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#redirect-uris-for-single-page-apps-spas

Perhaps something along the lines of (in http.go, in the NewRequest function):
req.Header.Set("Origin", "example.com")

Curious to hear any thoughts.
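
An added sketch of the change proposed above, not AzureHound's own code and not written by the issue author: a refresh-token grant request that carries an `Origin` header only when one is supplied. The function names and the token URL are hypothetical placeholders; the sketch also normalizes the value, since an `Origin` header holds a serialized origin (`scheme://host[:port]`, RFC 6454) rather than a bare host name.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// serializeOrigin reduces a URL or bare host to the scheme://host[:port] form
// an Origin header carries (RFC 6454). Assumption: a bare host means https.
func serializeOrigin(raw string) (string, error) {
	if !strings.Contains(raw, "://") {
		raw = "https://" + raw
	}
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" {
		return "", fmt.Errorf("not a web origin: %q", raw)
	}
	return strings.ToLower(u.Scheme + "://" + u.Host), nil
}

// newRefreshRequest (hypothetical helper) builds a refresh_token grant POST.
// An empty origin means a non-SPA client, so no Origin header is added.
func newRefreshRequest(ctx context.Context, tokenURL, clientID, refreshToken, origin string) (*http.Request, error) {
	form := url.Values{"grant_type": {"refresh_token"}, "client_id": {clientID}, "refresh_token": {refreshToken}}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if origin != "" {
		o, err := serializeOrigin(origin)
		if err != nil {
			return nil, err
		}
		req.Header.Set("Origin", o)
	}
	return req, nil
}

func main() {
	// Constructed placeholder values; the request is built but never sent.
	req, err := newRefreshRequest(context.Background(), "https://login.example.invalid/token", "client-id", "<refresh_token>", "example.com")
	if err != nil {
		panic(err)
	}
	fmt.Println(req.Header.Get("Origin"))
}
```

Keeping the header opt-in leaves requests for non-SPA refresh tokens, such as the MS Graph token mentioned above, unchanged.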
