A2HS breaks AzureAD oAuth/SSO

Mwelander 1 Reputation point
2022-11-12T16:42:20.743+00:00

When I use my AzureAD SSO/oAuth for authenticating users in a browser (on my web application) it works great. If a user opts to add my app to their iOS homescreen, the Microsoft login integrations doesn't work for them.

The error I get is
AADSTS55011 saying that the redirect URI does not match the URI configured for the application.

The URI displayed is the correct one, the one that works fine if said user goes through their browser without adding my webapp to their homescreen.

What's going on here?

I noticed that in the azure portal I have the option of adding a PWA in addition to a Webapp, but they then require different URIs for redirecting after authentication.

My webapp is not aware whether the user has added it to homescreen or not, so I can not differentiate, I can not pass the user to one login route from a browser and to another if they added my app to the homescreen. Catch22?

Furthermore, how does microsoft know whether the user is making the request from a A2HS browser or from regular safari (or other) browser?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,613 questions
{count} votes