This question is related to the problem described in a following StackOverflow question: azure active directory - Getting access tokens from Postman: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests - Stack Overflow.
During OAuth 2.0 “authorization code with PKCE” grant, Azure AD requires
Origin header to be present on the request to
/token endpoint. If header is not present, authorization flow fails with the following error:
Error: AADSTS9002327: Tokens issued for the ‘Single-Page Application’
client-type may only be redeemed via cross-origin requests
Unfortunately, Postman is not adding this header to the flow, hence the request for a token fails.
Is there a way to add a custom header into the requests that are executed behind “Get new access token” flow? I have tried adding headers to the request that the token is attached to, as well as “pre-request script”. Neither of these methods helped.