Using MSAL/MSGraph behind a reverse proxy

asked 2020-10-29T17:27:31.427+00:00
Robert Litchfield 116 Reputation points

I'm trying to host a Flask web application behind an IIS reverse proxy and access MS Graph using MSAL. I have the reverse proxy working (woot!), but when I try to use MS Graph/MSAL it sees the original URL as the redirect_uri, not the reverse proxy URL.

I get the following error:
Sorry, but we’re having trouble signing you in.
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application:

The Microsoft response URL is:<not showing>/oauth2/v2.0/authorize?client_id=<not showing>&response_type=code&redirect_uri=http%3A%2F%2Fsrvedmwebapp01.universe.local%3A9000%2FgetAToken

It should have &redirect_uri=

I used the amazing examples at to get this to work without a reverse proxy in the past. (Thanks MS)

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,559 questions
1 vote

Accepted answer
  1. answered 2020-10-29T20:17:12.067+00:00
    Robert Litchfield 116 Reputation points

    Working with another coder on GitHub, the solution was found (

    The app must make use of a custom proxy fix as follows, and remove the one from Werkzeug.

    class CustomProxyFix(object):
        def __init__(self, app):
   = app
        def __call__(self, environ, start_response):
            environ['HTTP_HOST'] = ''
            environ['wsgi.url_scheme'] = 'https'
            return, start_response)
    app.wsgi_app = CustomProxyFix(app.wsgi_app)

    This issue can now be considered solved.

    No comments

0 additional answers

Sort by: Most helpful