Azure AD B2C Redirect URI not recognising listed URI

Keone Martin 20 Reputation points
2023-06-16T02:04:27.8466667+00:00

The entire redirect system in B2C is both entirely opaque and entirely broken.

  1. The list is misleading because (as mentioned in multiple other posts here) if you have more than one entry the 2nd+ are ignored and only the first one is used.
  2. It can't handle basic matching, see below images.

Screenshot 2023-06-16 at 11.52.31 am

Screenshot 2023-06-16 at 11.59.32 am

I have tried forcing the redirect to not have the --/redirect path and it still doesn't accept it.

It works magically sometimes after an undefined period of time. I have lost hours of my life trying to fix something that should never have been an error.

I have also previously gotten errors (I didn't grab a screenshot) which state
```
"error": {
  "code": "redirect_uri_mismatch",
  "description": "AADB2C90006: The redirect URI 'THE REQUESTED URI REDIRECT' provided in the request is not registered for the client id 'f3e54b2e-c0cd-4590-bd86-c674777f61b4'.\r\nCorrelation ID: f790a580-b4f6-4588-a0ad-d388046dc66e\r\nTimestamp: 2023-06-16 01:47:56Z\r\n",
  "params": {
    "error": "redirect_uri_mismatch",
    "error_description": "AADB2C90006: The redirect URI 'A PREVIOUSLY DELETED URI' provided in the request is not registered for the client id 'f3e54b2e-c0cd-4590-bd86-c674777f61b4'.\r\nCorrelation ID: f790a580-b4f6-4588-a0ad-d388046dc66e\r\nTimestamp: 2023-06-16 01:47:56Z\r\n",
    "state": "YlJ4H7Pqfp"
  },
  "state": "YlJ4H7Pqfp"
},
```

The entire thing is a joke of a product that I would be embarrassed to have in production as a solo developer and I can't comprehend how Microsoft is ok releasing something like this for public consumption.

Microsoft Entra ID

1 answer

  1. Renatas Lauzadis 15 Reputation points
    2023-06-16T17:33:22.16+00:00

    @Keone Martin We have faced this issue today as well. Yesterday it was fine. Today we did the deployment and we got old URLs used some time ago. I was sitting with my team for 4 hours trying to figure out the issue. It starts to work automagically in the following manner:

    14:00 detected wrong reply URLs and fixed the registration

    14:10 no impact

    14:12 added http://127.0.0.1

    14:22 no impact

    14:24 added http://localhost:8080. added http://localhost:8081

    14:34 no impact

    ....

    18:00 redirect uri changed to http://127.0.0.1

    18:20 redirect uri changed to http://localhost:8081

    18:30 I do not know what will happen next :)

    It seems like there are some redirect URI caches that are not being invalidated. Officially they state 3-5 minutes: https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts50011-redirect-uri-mismatch

    1 person found this answer helpful.
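
As an added example (not from either poster and not Microsoft's code): a Python helper that pulls the rejected redirect URI, correlation ID and timestamp out of an AADB2C90006 error shaped like the one quoted in the question, then compares that URI with the app's registered list. It assumes redirect URIs are compared as exact strings; the sample payload, its IDs and the registered list are constructed.

```python
import json
import re
from urllib.parse import urlsplit

# Matches the AADB2C90006 text quoted in the question (fields separated by CRLF).
MSG = re.compile(
    r"AADB2C90006: The redirect URI '(?P<redirect_uri>[^']*)' provided in the "
    r"request is not registered for the client id '(?P<client_id>[^']*)'\.\s*"
    r"Correlation ID: (?P<correlation_id>[0-9a-fA-F-]+)\s*"
    r"Timestamp: (?P<timestamp>\d{4}-\d\d-\d\d \d\d:\d\d:\d\dZ)")

def parse_error(payload):
    """Return the fields of an AADB2C90006 error object, or None for other errors."""
    err = payload.get("error", {})
    text = err.get("params", {}).get("error_description") or err.get("description", "")
    m = MSG.search(text)
    return m.groupdict() if m else None

def diagnose(rejected, registered):
    """Classify how the rejected URI relates to each registered URI.
    Assumption: the service compares redirect URIs as exact strings."""
    if rejected in registered:
        return [("registered", rejected)]  # the URI is in the list exactly as sent
    out, r = [], urlsplit(rejected)
    for reg in registered:
        g = urlsplit(reg)
        same_host_path = (r.hostname, r.path.rstrip("/")) == (g.hostname, g.path.rstrip("/"))
        if rejected.lower() == reg.lower():
            out.append(("case", reg))
        elif rejected.rstrip("/") == reg.rstrip("/"):
            out.append(("trailing-slash", reg))
        elif same_host_path and r.scheme != g.scheme:
            out.append(("scheme", reg))
        elif same_host_path and r.port != g.port:
            out.append(("port", reg))
    return out or [("unregistered", rejected)]

# Constructed sample: same shape as the error in the question, placeholder IDs.
SAMPLE = json.loads(r'''{"error": {"code": "redirect_uri_mismatch", "params": {
  "error": "redirect_uri_mismatch",
  "error_description": "AADB2C90006: The redirect URI 'http://localhost:8080/' provided in the request is not registered for the client id '00000000-0000-0000-0000-000000000000'.\r\nCorrelation ID: 11111111-2222-3333-4444-555555555555\r\nTimestamp: 2023-06-16 01:47:56Z\r\n",
  "state": "constructed"}}}''')
REGISTERED = ["http://127.0.0.1", "http://localhost:8081"]  # constructed list

if __name__ == "__main__":
    info = parse_error(SAMPLE)
    print(info["correlation_id"], info["timestamp"])
    for kind, uri in diagnose(info["redirect_uri"], REGISTERED):
        print(kind, uri)
```

A `registered` result means the URI in the error is listed exactly as sent, so the rejection is not explained by a typo in the registration; the correlation ID and timestamp are the values to quote in a support request.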