Azure B2C app uses incorrect redirect URL

elkq 0 Reputation points
2023-03-13T20:47:36.3866667+00:00

I ran into an interesting Azure B2C behavior that I have not seen in regular Azure AD apps. I am hoping I can get an answer in this community.

When testing a web application secured by Azure B2C (integrated with an external IDP over OIDC), I need to configure several redirect URLs for my laptop, dev server, QA server, load balancer, etc. I found that the app uses an incorrect redirect URL when multiple redirect URLs are configured. The incorrect URL that is used might be the one for a prior successful login via a different host, or might be a redirect URL that had been deleted from the app. Honestly, I have not been able to figure out a pattern yet.

The following screenshot is an example: "https://accdevipc0a0163.csgidev.com/AzureSsoService/test-signin-oidc" was deleted and no longer exists on the registered app, but the message trace shows that it is still used, even though the first message specifies a different redirect URL in the query parameters.

I attached the HAR trace as well in case that helps.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
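A troubleshooting check for this kind of trace, added here as an example and not part of the original post: it reads a HAR file, lists every redirect_uri the app requested from the B2C authorize endpoint, and compares it with where B2C actually sent the browser back (a 3xx Location carrying code, id_token or error). The tenant name, hosts, endpoint paths and client ID are constructed placeholders, and it assumes the response comes back by redirect rather than form_post.

```python
import json
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Constructed sample HAR (not the trace from the post): the app asks for the
# QA redirect_uri, B2C first bounces to the external IdP, then returns the
# authorization code to a different, previously deleted redirect URL.
B2C = "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1_signin/oauth2/v2.0/"
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": B2C + "authorize?client_id=PLACEHOLDER-CLIENT-ID"
                 "&response_type=code&scope=openid&response_mode=query"
                 "&redirect_uri=https%3A%2F%2Fqa.example.test%2Fsignin-oidc"},
     "response": {"status": 302, "headers": [{"name": "Location",
                  "value": "https://idp.example.test/authorize?client_id=b2c&state=x"}]}},
    {"request": {"method": "POST", "url": B2C + "authresp"},  # constructed return path
     "response": {"status": 302, "headers": [{"name": "Location",
                  "value": "https://old.example.test/test-signin-oidc?code=CONSTRUCTED&state=x"}]}},
]}})
# Redirect URIs registered on the app (constructed values).
REGISTERED = {"https://qa.example.test/signin-oidc", "https://localhost:44300/signin-oidc"}


def base_url(url):
    """Drop query and fragment so a redirect target compares to a registered URI."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, "", ""))


def audit_har(har_text, registered):
    """Return the redirect_uri values requested and the URLs B2C actually returned to."""
    requested, returned = [], []
    for entry in json.loads(har_text)["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        q = parse_qs(urlsplit(req["url"]).query)
        if "redirect_uri" in q:  # an authorize request from the app
            requested.append(q["redirect_uri"][0])
        if 300 <= resp["status"] < 400:
            loc = next((h["value"] for h in resp["headers"] if h["name"].lower() == "location"), None)
            if loc:
                p = urlsplit(loc)
                params = {**parse_qs(p.query), **parse_qs(p.fragment)}
                # Only redirects that carry the protocol response go back to the app.
                if any(k in params for k in ("code", "id_token", "error")):
                    returned.append(base_url(loc))
    return {"requested": requested,
            "unregistered": sorted(set(requested) - set(registered)),
            "returned_to": returned,
            "mismatched": sorted(set(returned) - set(requested))}


if __name__ == "__main__":
    print(json.dumps(audit_har(SAMPLE_HAR, REGISTERED), indent=2))
```

A non-empty "mismatched" list reproduces the symptom in the question: the browser was sent to a URL the app never asked for in that flow.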

3 answers

  1. Akshay-MSFT 18,011 Reputation points Microsoft Employee Moderator
    2023-03-30T11:27:57.7766667+00:00

    @elkq

    Thanks for your time and patience. This could happen because of the following reasons:

    • Redirect URL configured in the application code. In the Azure portal, the redirect URIs that you register on the Authentication page for your application need to match these URLs.

    • Also, if the end user's web browser is blocking third-party cookies.

    If this does not help, then we need to have a Fiddler trace.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.


  2. Ahmad Gad 0 Reputation points
    2024-03-05T21:38:52.5233333+00:00

    Hi,

    I'm afraid this issue still persists until this moment.
    Not only that, I'm facing a terrible issue now. I have two registered apps and two different user flows, and I'm linking them to two different apps on the same dev machine. The issue is that both apps are always redirected to the redirect URL of the last successful login of one particular registered app, even if I'm using the client ID of the other one. I cleared the cache many times and used 3 different browsers (Chrome, Firefox and Edge) in normal mode and private mode, still no hope. It seems like the B2C tenant has its own server caching. It also caches the last authentication method. Even if you have conditional access to differentiate between users in two different groups where one has MFA enforced and the other one not, it will follow the last successful method for both, ignoring the conditional access. I put a question about this issue and didn't get any feedback yet.


  3. Santhya Rama S 120 Reputation points
    2024-03-20T04:51:49.63+00:00

    I think it takes around 60 mins for the changes to reflect, as per this post:

    https://learn.microsoft.com/en-us/answers/questions/1181295/azure-b2c-redirect-url-takes-around-1h-before-take
