kubelogin
fix(authcode): Set Origin header on token request
Allows passing Azure AD CORS checks.
Fixes: https://github.com/int128/kubelogin/issues/1048
on-behalf-of: @eon-se [email protected]
@int128 can you take a look at this?
@int128 I am also interested. Could you review this?
Really slick, works for me as well. I tested with this:

```hcl
resource "azuread_application" "app" {
  display_name            = var.display_name
  owners                  = [data.azuread_client_config.current.object_id]
  sign_in_audience        = "AzureADMyOrg"
  group_membership_claims = ["All"]

  api {
    mapped_claims_enabled          = true
    requested_access_token_version = 2
    known_client_applications = [
      # AZ CLI
      # https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/governance/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications
      "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
    ]
  }

  optional_claims {
    access_token {
      name = "groups"
      #source = null
      essential = false
      #additional_properties = []
    }
    id_token {
      name = "groups"
      #source = null
      essential = false
      #additional_properties = []
    }
    saml2_token {
      name                  = "groups"
      essential             = false
      additional_properties = []
    }
  }

  required_resource_access {
    resource_app_id = "00000003-0000-0000-c000-000000000000" # Microsoft Graph
    resource_access {
      id   = "e1fe6dd8-ba31-4d61-89e7-88639da4683d" # User.Read (delegated)
      type = "Scope"
    }
  }

  fallback_public_client_enabled = true

  single_page_application {
    redirect_uris = [
      "http://localhost:8000/",
      "http://localhost:18000/"
    ]
  }
}
```
I think this solution is very specific to Azure AD. I'd like to suggest supporting custom HTTP headers, as in https://github.com/int128/kubelogin/pull/1359. Could you check whether it solves this issue?
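
An added example, not code from this pull request or from kubelogin: a Go `http.RoundTripper` that injects configurable headers such as `Origin` into the token request, which illustrates both the fix described in the pull request and the custom-header approach suggested in the last comment. `headerTransport`, `fakeTokenEndpoint` and `redeem` are hypothetical names, the `Origin` value is a constructed one matching a redirect URI from the Terraform above, and the test server is a constructed stand-in that only rejects requests lacking `Origin`; it does not reproduce Azure AD's actual checks.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// headerTransport (hypothetical helper) sets fixed headers on every request.
type headerTransport map[string]string

func (t headerTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context()) // a RoundTripper must not mutate the caller's request
	for k, v := range t {
		r.Header.Set(k, v)
	}
	return http.DefaultTransport.RoundTrip(r)
}

// fakeTokenEndpoint is a constructed stand-in: it rejects any token request
// that carries no Origin header and otherwise returns a dummy token.
func fakeTokenEndpoint() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Origin") == "" {
			http.Error(w, `{"error":"invalid_request"}`, http.StatusBadRequest)
			return
		}
		fmt.Fprint(w, `{"access_token":"constructed","token_type":"Bearer"}`)
	}))
}

// redeem posts an authorization-code grant; it returns the HTTP status, or 0 if sending failed.
func redeem(c *http.Client, tokenURL string) int {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {"constructed-code"}}
	resp, err := c.PostForm(tokenURL, form)
	if err != nil {
		return 0
	}
	defer resp.Body.Close()
	return resp.StatusCode
}

func main() {
	srv := fakeTokenEndpoint()
	defer srv.Close()
	c := &http.Client{Transport: headerTransport{"Origin": "http://localhost:8000"}}
	fmt.Println(redeem(http.DefaultClient, srv.URL), redeem(c, srv.URL))
}
```

Because the header map is plain configuration, the same transport serves any provider-specific header without hard-coding an Azure AD case into the client.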