Add "no-origin" flag in order to work better with Entra desktop apps (#131)

Co-authored-by: Mark DeSpain <[email protected]>

Author: markdespain

cmd/oauth2.go

@@ -91,6 +91,7 @@ func NewOAuth2Cmd(version, commit, date string) (cmd *OAuth2Cmd) {
 	cmd.PersistentFlags().StringSliceVar(&cconfig.Prompt, "prompt", []string{}, "end-user authorization purpose")
 	cmd.PersistentFlags().StringVar(&cconfig.MaxAge, "max-age", "", "maximum authentication age in seconds")
 	cmd.PersistentFlags().StringVar(&cconfig.AuthenticationCode, "authentication-code", "", "authentication code used for passwordless authentication")
+	cmd.PersistentFlags().BoolVar(&cconfig.NoOrigin, "no-origin", false, "do not include an Origin header")
 
 	cmd.PersistentFlags().StringVar(&sconfig.TokenEndpoint, "token-endpoint", "", "server's token endpoint")
 	cmd.PersistentFlags().StringVar(&sconfig.AuthorizationEndpoint, "authorization-endpoint", "", "server's authorization endpoint")

internal/oauth2/oauth2.go

@@ -54,6 +54,7 @@ var CodeChallengeEncoder = base64.RawURLEncoding
 type ClientConfig struct {
 	IssuerURL              string `validate:"url"`
 	RedirectURL            string `validate:"url"`
+	NoOrigin               bool
 	GrantType              string `validate:"oneof=authorization_code client_credentials implicit password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer urn:ietf:params:oauth:grant-type:token-exchange urn:ietf:params:oauth:grant-type:device_code"`
 	ClientID               string
 	ClientSecret           string
@@ -536,7 +537,9 @@ func RequestToken(
 			return request, response, err
 		}
 
-		req.Header.Add("Origin", fmt.Sprintf("%s://%s", redirectURL.Scheme, redirectURL.Host))
+		if !cconfig.NoOrigin {
+			req.Header.Add("Origin", fmt.Sprintf("%s://%s", redirectURL.Scheme, redirectURL.Host))
+		}
 	}
 
 	if cconfig.DPoP {