error":"invalid_grant","error_description":"AADSTS700009: Reply address must be provided when presenting an authorization code requested with an explicit reply address

MuhammedIsmailMannilthodi-0476 20 Reputation points
2023-03-01T22:35:13.87+00:00

I have an error, and both URIs are the same on both Azure and my request part.

{"error":"invalid_grant","error_description":"AADSTS700009: Reply address must be provided when presenting an authorization code requested with an explicit reply address.\r\nTrace \r\nTimestamp: 2023-03-01 21:39:03Z","error_codes":[700009],"timestamp":"2023-03-01 21:39:03Z","trace_id":"600bf5bb-4acb-4144-a2f7-415a47340600","correlation_id":""}
Note: I tried to remove the replyUri's from both ends, still the same issue.


Accepted answer
  1. Marilee Turscak-MSFT 35,631 Reputation points Microsoft Employee
    2023-03-07T21:17:04.9366667+00:00

    Hi MuhammedIsmailMannilthodi-0476,

    I have sent you an email offline, but wanted to update this post with the status as well. In the example you sent, the parameter was listed as redirect_url instead of redirect_uri.

    https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

    If you still receive this error, please let me know and I will investigate further. It may be worth adding the optional parameters as well in order to test.

    Thanks,

    Marilee

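
The check below is an added example, not code from the thread or from Microsoft: it compares a token request body with the authorize request that produced the code and flags the `redirect_url` / `redirect_uri` mix-up described in the accepted answer. The client id, code, host, and the list of near-miss spellings are constructed placeholders and assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# grant_type and code are required by RFC 6749 section 4.1.3; client_id is
# included on the assumption that the client sends it in the body.
REQUIRED = ("grant_type", "code", "client_id")
# Near-miss spellings to flag (assumed list; "redirect_url" is the one from the thread).
LOOKALIKES = ("redirect_url", "reply_url", "redirecturi")

# Constructed sample requests: placeholder client id, code and host.
AUTHORIZE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fsignin-oidc&scope=openid"
)
_COMMON = ("grant_type=authorization_code&code=CONSTRUCTED_CODE"
           "&client_id=00000000-0000-0000-0000-000000000000")
BROKEN_BODY = _COMMON + "&redirect_url=https%3A%2F%2Fapp.example.com%2Fsignin-oidc"
FIXED_BODY = _COMMON + "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fsignin-oidc"


def check_token_request(authorize_url, token_body):
    """Compare a token request body with the authorize request that produced the code."""
    auth = parse_qs(urlsplit(authorize_url).query, keep_blank_values=True)
    body = parse_qs(token_body, keep_blank_values=True)
    findings = [f"missing parameter: {name}" for name in REQUIRED if name not in body]
    findings += [f"unrecognised parameter '{name}', did you mean 'redirect_uri'?"
                 for name in LOOKALIKES if name in body]

    sent = auth.get("redirect_uri", [None])[0]
    presented = body.get("redirect_uri", [None])[0]
    if sent is not None and presented is None:
        # The condition AADSTS700009 describes: explicit reply address at
        # /authorize, none presented with the code.
        findings.append("redirect_uri was sent to /authorize but not with the code")
    elif sent is not None and presented != sent:
        findings.append(f"redirect_uri differs: {sent!r} vs {presented!r}")
    return findings


if __name__ == "__main__":
    for label, body in (("broken", BROKEN_BODY), ("fixed", FIXED_BODY)):
        print(label, check_token_request(AUTHORIZE_URL, body))
```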

2 additional answers

  1. asvr asvr 20 Reputation points
    2024-02-25T18:18:03.2766667+00:00

    Hey I'm facing the same problem and getting this error response

    {
        "error": "invalid_grant",
        "error_description": "AADSTS70000: The provided value for the 'code' parameter is not valid. The code has expired. Trace ID: 083f67da-bb9e-4778-b8e3-bcdaf5608001 Correlation ID: 3593c6e6-f82f-4405-8a60-de33c270351f Timestamp: 2024-02-25 18:14:22Z",
        "error_codes": [
            70000
        ],
        "timestamp": "2024-02-25 18:14:22Z",
        "trace_id": "083f67da-bb9e-4778-b8e3-bcdaf5608001",
        "correlation_id": "3593c6e6-f82f-4405-8a60-de33c270351f",
        "error_uri": "https://login.microsoftonline.com/error?code=70000"
    }
    
    

  2. Marilee Turscak-MSFT 35,631 Reputation points Microsoft Employee
    2023-03-02T23:11:41.68+00:00

    Hi MuhammedIsmailMannilthodi-0476,

    I understand that you are receiving a reply URL mismatch error, even though the reply URL in your request matches the one in your app registration. There are a few issues that could cause this.

    For local testing, note that when you try to use an http scheme, the port component (for example, :5001 or :443) is ignored for the purposes of matching a redirect URI. As a result, all of these URIs are deemed equivalent. For example, if you have more than one redirect URI for different purposes (example: http://localhost:5000/mywebapp and http://localhost:5001/mywebapp), both are considered equivalent. So for the most part, the redirect URL for web apps and services must begin with the scheme https. See: Redirect URI (reply URL) restrictions and limitations

    If the URLs match, it is possible that the proxy is terminating HTTPS, so the traffic your application is getting is HTTP. If this is the case, you will need to update the proxy to forward the headers and add Https redirection.

    See example code:

    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedProto
    });
    

    Then add this reference:

    using Microsoft.AspNetCore.HttpOverrides;
    
    

    You may need to also ensure that you have set ASPNETCORE_FORWARDEDHEADERS_ENABLED=true in the application settings.

    If the issue is not related to HTTP/HTTPS mismatch, please also verify that login.microsoft.com is added to the allowed CORS list, and that none of the reply URLs have any extra spaces, slashes, or additional characters.

    If the suggestions do not work, feel free to reach out to me at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and include your subscription ID, a link to this post, a screenshot of your full error message and redirect URI configuration in the portal, and I will gladly assist.

    Additional resources:

    Redirect URI (reply URL) restrictions and limitations

    AADSTS500112: The reply address 'http://testurl' does not match

    How to set redirect_uri protocol to HTTPS in Azure Web Apps

    Reply URL mismatch

    AADSTS500112: The reply address does not match the reply address provided when requesting Authorization code

    Reply address does not match

    If the information helped you, please Accept the answer. This will help us as well as others in the community who might be researching similar information.
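
The proxy and extra-character causes listed in the answer above can be checked offline. This is an added example, not code from the thread or from ASP.NET Core: `callback_uri` is a simplified model of how an app derives its redirect URI behind a TLS-terminating proxy, and `explain_mismatch` reports why that URI is not an exact match for a registered one. The host, path and header values are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample data: placeholder host, path and proxy header.
REGISTERED = ["https://app.example.com/signin-oidc"]
PROXY_HEADERS = {"X-Forwarded-Proto": "https"}


def callback_uri(scheme, host, path, headers, trust_forwarded):
    """Redirect URI an app derives from the request it sees (simplified model).

    Behind a TLS-terminating proxy the app sees http unless it is configured
    to honour X-Forwarded-Proto from that proxy.
    """
    if trust_forwarded and "X-Forwarded-Proto" in headers:
        scheme = headers["X-Forwarded-Proto"].strip().lower()
    return f"{scheme}://{host}{path}"


def explain_mismatch(sent, registered):
    """Say why `sent` is not an exact match for any registered redirect URI."""
    if sent in registered:
        return []
    findings = []
    for reg in registered:
        s, r = urlsplit(sent.strip()), urlsplit(reg.strip())
        if s.netloc.lower() != r.netloc.lower() or s.path.rstrip("/") != r.path.rstrip("/"):
            continue  # different host or path: not a near miss
        before = len(findings)
        if sent != sent.strip() or reg != reg.strip():
            findings.append(f"{reg!r}: leading or trailing whitespace")
        if s.scheme != r.scheme:
            findings.append(f"{reg!r}: sent {s.scheme}, registered {r.scheme}")
        if s.path != r.path:
            findings.append(f"{reg!r}: trailing slash differs")
        if len(findings) == before:
            findings.append(f"{reg!r}: differs in letter case, query or fragment")
    return findings or ["no registered URI has the same host and path"]


if __name__ == "__main__":
    for trust in (False, True):
        uri = callback_uri("http", "app.example.com", "/signin-oidc", PROXY_HEADERS, trust)
        print(trust, uri, explain_mismatch(uri, REGISTERED))
```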