Hello Matt,
Thank you for posting your query in the Microsoft Q&A forum.
A 403 Forbidden error means insufficient permissions, and this is initiated by the web application. There are a load of reasons you might be experiencing this, which range from consent issues to networking.
On the application where you have added your redirect URL, confirm that administrator consent has been granted for the application to access user profiles.
If this isn't the case, check if there is a Conditional Access policy in place in your tenant which is preventing this access.
Depending on where the web application is hosted, check the networking settings.
I would advise you to do a network trace to see what is blocking your access and also test with jwt.ms if this is application-related.
NB: Your SSO set-up seems to be working fine.
Let me know if further assistance is needed.
Babafemi
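As an added illustration of the "test with jwt.ms" step (this is example code, not part of Babafemi's reply or any Microsoft tooling): jwt.ms simply base64url-decodes the token payload so you can read the claims. The script below does the same offline on a constructed sample token and flags the two things most often behind a 403 on a consented app, the `aud` not matching the API and the `scp`/`roles` claims lacking the permission the call needs. The HS256 signing and the expected audience/scope values are assumptions chosen so the sample runs without a tenant; a real Entra ID access token is RS256-signed and must be validated by the resource server, not by this decoder.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict, secret: bytes = b"constructed-secret") -> str:
    """Build a constructed HS256 token so the example runs offline (assumption:
    real tenant tokens are RS256 and signed by the identity provider)."""
    header = {"alg": "HS256", "typ": "JWT"}
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url_encode(sig)}"


def decode_claims(token: str) -> dict:
    """Read the payload the way jwt.ms does: decode only, no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def check_token(token: str, expected_aud: str, required_permissions: list) -> list:
    """Return a list of human-readable problems; empty list means the token
    carries the audience and permissions the call needs."""
    claims = decode_claims(token)
    problems = []
    aud = claims.get("aud")
    if aud != expected_aud:
        problems.append(f"aud mismatch: token is for {aud!r}, API expects {expected_aud!r}")
    # Delegated permissions arrive as a space-separated "scp" string,
    # application permissions as a "roles" array.
    granted = set(claims.get("scp", "").split()) | set(claims.get("roles", []))
    missing = sorted(set(required_permissions) - granted)
    if missing:
        problems.append("missing permissions: " + ", ".join(missing))
    return problems


# Constructed sample tokens: one with the permission, one where consent was never granted.
GOOD_TOKEN = make_sample_token(
    {"aud": "00000003-0000-0000-c000-000000000000", "scp": "openid profile User.Read"}
)
BAD_TOKEN = make_sample_token(
    {"aud": "00000003-0000-0000-c000-000000000000", "scp": "openid profile"}
)

if __name__ == "__main__":
    api = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph's well-known app id
    for name, tok in (("good", GOOD_TOKEN), ("bad", BAD_TOKEN)):
        print(name, check_token(tok, api, ["User.Read"]) or "ok")
```

If the decoded token already carries the right `aud` and `scp`, the 403 is not a consent problem and the networking or Conditional Access checks above are the next place to look.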