Share via

AD B2C - Invalid Redirect Uri

rv_dev 11 Reputation points
2020-05-25T23:31:08.727+00:00

Hi There,

I'm having an issue authenticating using Azure Active Directory B2C using the Microsoft Identity Platform.

I'm trying to follow the tutorial here:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/idp-pass-through-user-flow

In App Registrations I have added an application. For the "Who can use this application or access this API" I chose:

Accounts in any organizational directory or any identity provider. For authenticating users with Azure AD B2C.

I chose "Web" as the platform and for my redirect URI I set it to: https://jwt.ms

I created a secret.

It has the Microsoft Graph API permission and I also added my own under "Expose an API". I have added the API scope I created in API Permissions and granted admin consent.

Then

In Identity providers I select "Microsoft Account" and entered the client Id and client secret of the above app I registered.

Then

I proceeded to create a user flow and chose the v2 of the sign up/sign in. I selected "Microsoft Account" as the identity provider and also selected "Identity Provider Access Token" as one of the application claims to return.

I then clicked on "Run user flow" - the application I created was already selected, the reply URL was set as https://jwt.ms along with the correct resource and scope.

I clicked on the "Run user flow" button which opens a new browser tab with the following error:

invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.

Thing is, my redirect URI in my registered app and the redirect uri is the same as what was in "run user flow"..

I'm sure I have either completely missed or misunderstood something but I can't figure out what and why I am getting that error? :-(

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2020-05-26T10:33:40.327+00:00

    Hi @rv_dev ,

    In this scenario, there are 2 applications with two different Redirect URIs involved.

    1. Microsoft account application: This is used when you authenticate using Microsoft account and after successful authentication it posts the response to B2C at https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp.
    2. Federated application: This is the application that is federated with Azure AD B2C and it's reply url (aka redirect uri) is where the token issued by B2C is posted.

    Based on the information that you have shared, I am suspecting a problem with Microsoft Account application. Please verify if the redirect_uri is configured as per the above url.

    -----------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.