python web app sign-in issue: 'redirect_uri' is not valid

dh83 21 Reputation points
2020-08-25T10:07:39.61+00:00

Hello,

I am trying to implement an authentication with for my python web app with azure service. I am following this tutorial: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-python-webapp. I registered the app, modified the configuration file, but when I tried to signed in, I always get

We're unable to complete your request
invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.

Here is the details of my app registration

Display name: testAuthentication
Application (client) ID: a275eaef-14b9-40f8-aa72-4c205bacb64d
Directory (tenant) ID: 5499ec18-3857-49df-bbc3-508d86bb2d3f

In the authentication tab of the registration, I am putting http://localhost:5000/getAToken as instructed in the tutorial. I also did not modify anything in the code, except the configuration file app_config.py.

Anyone here already succeed in running this tutorial? Any suggestion on what I might be wrong? Let me know if you need more info, so I can share with you (this is my first question, so please bare with me).

Many thanks,

Duong

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,472 questions
0 comments
Accepted answer
  1. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2020-08-27T05:38:16.077+00:00

    @dh83 , It looks like you are accessing the application using the URL: http://127.0.0.1:5000 in the browser, because of which the redirect URI is getting changed as http://127.0.0.1:5000/getAToken . Since this entry is not present in your Redirect URI configuration in AAD App Registration, hence that Reply URL mismatch error.

    Now you have two ways to fix this access the application using http://localhost:5000

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2020-08-25T11:19:42.1+00:00

    Hello @dh83 By tracking the failures for the Application (client) ID: a275eaef-14b9-40f8-aa72-4c205bacb64d in your tenant, I found that the reply url (aka redirect_uri) in your request is http://127.0.0.1:5000/getAToken and the reply url configured In the authentication tab of the registration is http://localhost:5000/getAToken.
    Both these urls should be exactly same.

    Please try changing REDIRECT_PATH = "/getAToken" to REDIRECT_PATH = "http://localhost:5000/getAToken" in the app_config.py file and test again.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

  2. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2020-08-25T11:41:15.263+00:00

    @dh83 , Thank you for reaching out. I was looking into this and I just tested this sample and it worked absolutely fine for me.

    Can you check when you run the code, in the terminal are you seeing that the Flask server is running on http://127.0.0.1:5000/ ?
    As even I didn't make any changes to the sample except adding the clientId and clientSecret, as if the Flask server is not running on port 5000 and if you specify the reply url as http://localhost:5000/getAToken, then it would fail.

    Do let me know the answer to the above query. If the Flask server is also running on port 5000 and still we are getting this error, in that case, I would like you to drop me an email on "azcommunity[at]microsoft[dot]com" as it might need a thorough checkup.

    Make sure you send the reference of this post in the email so that its easier for me to track your email and help you further.

  3. dh83 21 Reputation points
    2020-08-26T15:42:41.777+00:00

    @AmanpreetSingh-MSFT : changing redirect_path crashed the application with the error mentioned by @soumi-MSFT

    @soumi-MSFT : I sent you an email on azcommunity[at]microsoft[dot]com with full details as requested. I double checked my url from Flask run, and the port is correct: http://127.0.0.1:5000/.

    I have tried two different options in app_config.py:

    AUTHORITY = "https://login.microsoftonline.com/common" # For multi-tenant app --> ''redirect uri' is not valid (error.png)
    AUTHORITY = "https://login.microsoftonline.com/5499ec18-3857-49df-bbc3-508d86bb2d3f" --> AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'a275eaef-14b9-40f8-aa72-4c205bacb64d'. (error1.png)

    Many thanks for your help