having both `SPA` and `mobile and desktop` redirect URIs leads to an error

[ekdnam]

Describe the bug
A clear and concise description of what the bug is.

I followed both the Azure Active Directory app registration procedures as stated in ./README.md and ./tools/importdocument/README.md.

Specifically:
From ./README.md

Supported account types: "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)"
Redirect URI (optional): Single-page application (SPA) and use http://localhost:3000/.

and ./tools/importdocument/README.md

A registered App in Azure Portal (https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app)
Select Mobile and desktop applications as platform type, and the Redirect URI will be http://localhost
Select Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) as the supported account type for this sample.
Note the Application (client) ID from your app registration.

If there are both, it leads to the error

invalid_request: 90023 - [2023-08-18 13:08:17Z]: AADSTS90023: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type or 'Native' client-type with origin registered in AllowedOriginForNativeAppCorsRequestInOAuthToken allow list.
Trace ID: ---
Correlation ID: ---
Timestamp: 2023-08-18 13:08:17Z - Correlation ID: --- - Trace ID: ---
AuthError@http://localhost:3000/static/js/bundle.js:34540:20
ServerError@http://localhost:3000/static/js/bundle.js:35580:24
./node_modules/@azure/msal-common/dist/response/ResponseHandler.js/ResponseHandler.prototype.validateTokenResponse@http://localhost:3000/static/js/bundle.js:36903:13
./node_modules/@azure/msal-common/dist/client/AuthorizationCodeClient.js/AuthorizationCodeClient.prototype.acquireToken/AuthorizationCodeClient</<@http://localhost:3000/static/js/bundle.js:33038:29
step@http://localhost:3000/static/js/bundle.js:28896:17
./node_modules/@azure/msal-common/dist/_virtual/_tslib.js/__generator/verb/<@http://localhost:3000/static/js/bundle.js:28845:14
fulfilled@http://localhost:3000/static/js/bundle.js:28804:24

However if I remove the Mobile and desktop applications redirect URI and just keep SPA, the app works fine.

How to resolve?

To Reproduce
Steps to reproduce the behavior:

1. Described above

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Platform

• OS: MacOS
• IDE: VS Code
• Language: C#
• Source: main branch of chat-copilot

Additional context
Add any other context about the problem here.

[crickman]

Thank you for this question. We are always looking to improve our deployment documentation and process. I will follow-up after looking into this.

[ekdnam]

Yes please let me know if you need anything from my side

[gitri-ms]

Hi @ekdnam, I believe the solution here is that you need two separate app registrations: one for Chat Copilot that uses the SPA platform type, and another for the import document tool that uses the Mobile/Desktop platform type. (As you've seen, trying to combine the two causes problems with token redemption in Chat Copilot.) I will update the README to make this clearer.