copilot-chat-app azure deploy. Users who are not from the current tenant cannot log in properly.

[huangchao-shanghai]

Describe the bug
copilot-chat-app azure deploy. Users who are not from the current tenant cannot log in properly.
After logging in, it will return to the page before the login, and report the following error.
AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type
The Azure deployment was done using the script below.
semantic-kernel/samples/apps/copilot-chat-app/deploy
/deploy-webapp.ps1

The application was registered as a Single Page Application (SPA) type
I suspect that the problem was caused by the command below. #1711

Write-Host "Updating AAD App registration..."
az ad app update --id $ApplicationClientId --web-redirect-uris "https://$webappUrl"

Expected behavior
Users from different tenants can also log in normally.

Screenshots

Desktop (please complete the following information):

• OS: Windows 11
  -Browser: Edge

Additional context

[vman]

Faced this one as well. Current manual workaround is the go back to the AAD app and reconfigure it as a Single Page App and set the web app url manually as the redirect url.

[gitri-ms]

Looking into this

[gitri-ms]

Working on a fix for this. In the meantime, the workaround is to:

1. Remove the following line from deploy-webapp.ps1 / deploy-webapp.sh:

az ad app update --id $ApplicationClientId --web-redirect-uris "https://$webappUrl"

2. After deploying, go to your app registration in the Azure portal and add your frontend URL as a redirect URI for the SPA platform type. Remove any URIs listed under the "Web" platform.