The provided value for the input parameter 'redirect_uri' is not valid. Using Authentication/Authorization AAD

JOCO 21 Reputation points
2020-06-18T04:51:22.737+00:00

I'm using Authentication/Authorization from the App Service settings. I already entered my client ID, which I created from App registration in Azure Active Directory, and the Issuer URL as:

https://login.microsoft.com/Tenant_ID/v2.0

Under my App Registration I set my redirect URLs as follows:

https://sample.azurewebsites.net/.auth/login/aad/callback
https://sample.azurewebsites.net/
https://sample.azurewebsites.net/menu/home

But I still get the redirect URI error:

We're unable to complete your request
invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.


4 answers

  1. Vasil Michev 92,596 Reputation points MVP
    2020-06-18T06:33:50.127+00:00

    Well, are you adding the redirect URI as part of the token request? You can share the code sample.

    1 person found this answer helpful.

  2. soumi-MSFT 11,696 Reputation points Microsoft Employee
    2020-06-18T07:51:11.76+00:00

    @JOCO-1665, thank you for reaching out. The redirect URI is something that AAD needs to know so that once AAD is done preparing the requested token, it would post that token back to that redirect URI so that the application can consume it.

    For your application, since I am not sure about the complete request that you are sending, let me share a sample request with which you can test.

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={client-id}&response_type=code&redirect_uri={redirect-uri}&response_mode=fragment&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2F.default&state=12345

    This request uses the following scopes: openid, offline_access and https://graph.microsoft.com/.default. You can modify the scope as per your need and then try this request out. When you specify the redirect URI in this request, make sure that the same redirect URI is listed in the app registration too. If this request gets successfully submitted to AAD, you should receive a response in the following format:

    https://{redirect-uri}#code=xxxxxxx

    If this fails, do let us know the exact request that you are sending to AAD to fetch the code or the token so based on that we can help you further.

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
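
The comparison described in the answer above, as an added example (not code from this thread or from Microsoft): it extracts `redirect_uri` from an authorize request and reports why it fails to match the registered list. Exact string matching, the function names, the placeholder client ID and the sample requests in the checks are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

# Redirect URIs as listed in the question's app registration.
REGISTERED = [
    "https://sample.azurewebsites.net/.auth/login/aad/callback",
    "https://sample.azurewebsites.net/",
    "https://sample.azurewebsites.net/menu/home",
]


def extract_redirect_uri(authorize_url):
    """Return the URL-decoded redirect_uri of an authorize request, or None."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    return values[0] if values else None


def diagnose(authorize_url, registered=REGISTERED):
    """Return (matched, reasons) for the request's redirect_uri.

    Assumption of this example: the identity provider compares the value
    as an exact string, so scheme, trailing slash and path case all count.
    """
    requested = extract_redirect_uri(authorize_url)
    if requested is None:
        return False, ["request carries no redirect_uri parameter"]
    if requested in registered:
        return True, []
    reasons = []
    req = urlsplit(requested)
    for candidate in registered:
        reg = urlsplit(candidate)
        if req.netloc.lower() != reg.netloc.lower():
            continue  # different host: not a near miss worth reporting
        if req.scheme != reg.scheme and req.path == reg.path:
            reasons.append(f"scheme differs from {candidate}: "
                           f"{req.scheme} vs {reg.scheme}")
        elif req.path != reg.path and req.path.rstrip("/") == reg.path.rstrip("/"):
            reasons.append(f"trailing slash differs from {candidate}")
        elif req.path != reg.path and req.path.lower() == reg.path.lower():
            reasons.append(f"path case differs from {candidate}")
    if not reasons:
        reasons.append(f"{requested} has no registered near match")
    return False, reasons
```

Paste the authorize URL from the browser address bar into `diagnose()`; a scheme mismatch is the symptom the container answer in this thread describes.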


  3. Sean Killeen 351 Reputation points MVP
    2020-06-18T11:43:44.537+00:00

    Posting it here just in case it happens to be relevant or useful.

    I was getting this error despite using an out of the box template and setting things up as described.

    Turns out my application, which was in a container, needed to modify some additional steps (specifically, forwarding some headers) before things would work.

    I wrote it up in a blog post here: https://seankilleen.com/2020/06/solved-net-core-azure-ad-in-docker-container-incorrectly-uses-an-non-https-redirect-uri/

    Published it ahead of schedule in case you might find it useful.


  4. JOCO 21 Reputation points
    2020-06-19T01:01:29.557+00:00

    @soumi-MSFT

    Here's my login request:

    https://login.microsoft.com/{tenantid}/oauth2/v2.0/authorize?response_type=code+id_token&redirect_uri=https%3A%2F%2Fsample.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id={clientID}&scope=openid+profile+email&response_mode=form_post&nonce={some numbers that I dont know}&state=redir%3D%252F

    I just followed the steps under "Configure with advanced settings".

    https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad

    I have also tried the login request that you sent, but it causes a loop: even though I entered my user and pass, it goes back to the login page again.