What are the functional differences between App ID URI and Return URLs in AzureAD app registrations?

Anne Admin 6 Reputation points
2022-11-03T09:11:06.277+00:00

We are encountering an issue with AzureAD where the App ID URI cannot be set to a URL which is not a trusted domain

No such restriction applies to return URLs

Why are the restrictions different between these two functions? My understanding was that they were almost completely interchangeable

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2022-11-04T08:30:29.313+00:00

    Hi @Anne Admin ,

    Thanks for reaching out.

    I understand you are skeptical about the Application Id URI and Redirect URI which need to register in the portal while Application registration.

    The Application ID URI field is used to uniquely identify the scopes of your custom api and hence that entry has to be globally unique. You can either use the default value provided, which is in the form api://<application-client-id> or specify a more readable URI like https://contoso.com/api.

    It would always recommend a fresh setup for the app registration, if that is a possibility on your end and set App Id URI which always generates unique App ID URI name in its Azure AD tenant or verified customer owned domain.

    Supported application Id formats are mentioned here.

    whereas redirect URI, or reply URL, is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token. This can be any page and not required to be always unique.

    However, there are some restrictions for redirect URL which is mentioned here.

    Both the application Id URI and Redirect URL have different functionality and cannot be interchange.

    Hope this will help.

    Thanks,
    Shweta

    ----------------------------------------

    Please remember to "Accept Answer" if answer helped you.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.