invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.

swapnil chaudhari 11 Reputation points

redirect_uri = api://*************{client_id}&scope=Sites.ReadWrite.All

When I try redirect_uri without api:// it gives me "AADSTS90102: 'redirect_uri' value must be a valid absolute URI."

What is wrong with url?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,188 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Siva-kumar-selvaraj 15,591 Reputation points

    Hello @swapnil chaudhari ,

    Thanks for reaching out.

    A redirect URI, or reply URL, is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.

    The following restrictions apply to redirect URIs:
    • The redirect URI must begin with the scheme https. There are some exceptions for localhost redirect URIs.
    • The redirect URI is case-sensitive. Its case must match the case of the URL path of your running application. For example, if your application includes as part of its path .../abc/response-oidc, do not specify .../ABC/response-oidc in the redirect URI. Because the web browser treats paths as case-sensitive, cookies associated with .../abc/response-oidc may be excluded if redirected to the case-mismatched .../ABC/response-oidc URL.

    Refer this article to know more about Redirect URI (reply URL) restrictions and limitations.

    Usually, following format URI api://* used with when you exposing an API not in the case of Reply URI as shown below:



    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more