I am trying to build windows 11 widgets via an PWA app that doesnt have any backend by itself. It should just use services like microsoft graph.
The app it self is useless, its all about the widget. So the idea is that the user installs the app, signs in one time and the service worker from then will periodically update the content of the widget.
What i have working so far (which been already a hassle) is to get sign in from azure ad working via a SPA application using the Code with PKCE flow. From there I store the token in indexed db with refresh token. For 24 hours this is working but after that the refresh token expires as its only valid for 24 hours. No matter if you exchange it for another one.
I also tried to use the web app setup but that gives me a
Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type
Is there a way out?
- is there a better flow?
- can i kill setting the origin header in PWA's like I could do in a full native app?