What does it mean when a service principal has multiple reply URLs?

Ity 61 Reputation points
2021-05-06T10:05:42.21+00:00

Does it mean that the access token will be sent to all of these URLs?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,876 Reputation points Moderator
    2021-05-13T07:22:37.803+00:00

    Hi @Ity · In addition to what PramodValavala-MSFT shared, Azure AD checks the reply URL mentioned in the authentication request and validates that against the Reply URLs (Redirect URIs) registered in the app. If it matches one of the Reply URLs registered in the app, it posts the token to that URL. Otherwise, it fails with a reply URL mismatch error. In a given authentication request there can be only one reply URL at a time, and the token is not posted to every registered Reply URL in response to an authentication request.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


1 additional answer

  1. Pramod Valavala 20,656 Reputation points Microsoft Employee Moderator
    2021-05-13T07:01:54.793+00:00

    @Ity The Reply URL is the location which one gets redirected to post successful authentication. This URL is required when redirecting to the authorization server in the first place and is checked against a list of known reply URLs before redirecting the user back.

    All OAuth 2.0 and OpenID Connect Protocols involving redirecting to the authorization server require a redirect URI to be passed which is validated against this configured list.

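The check both answers describe, as an added example that is not part of the original thread and not Microsoft's code: a simplified model in which the authorization server compares the one `redirect_uri` in the request with the app's registered list and sends the response only to that URL. The endpoint, the URLs, the function names and the exact-string matching rule are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample registration: one app with several reply URLs.
REGISTERED_REPLY_URLS = {
    "https://app.example.com/signin-oidc",
    "https://staging.example.com/signin-oidc",
    "http://localhost:5000/signin-oidc",
}


class ReplyUrlMismatch(Exception):
    """The requested redirect_uri is not registered for the app."""


def authorize_url(redirect_uri):
    """Build a constructed authorization request (hypothetical endpoint)."""
    params = {"client_id": "sample-client", "response_type": "code",
              "redirect_uri": redirect_uri}
    return "https://login.example.test/authorize?" + urlencode(params)


def resolve_reply_url(request_url, registered=REGISTERED_REPLY_URLS):
    """Return the single reply URL this request's response may be sent to."""
    requested = parse_qs(urlsplit(request_url).query).get("redirect_uri", [])
    # This model requires exactly one redirect_uri per request.
    if len(requested) != 1:
        raise ReplyUrlMismatch("request must carry exactly one redirect_uri")
    candidate = requested[0]
    # Assumed rule: whole-string comparison. A registered URL that is only a
    # prefix of the candidate does not count as a match.
    if candidate not in registered:
        raise ReplyUrlMismatch(f"{candidate!r} is not registered for this app")
    return candidate


def destinations(request_url):
    """Every URL that would receive the response: exactly one, or none."""
    try:
        return [resolve_reply_url(request_url)]
    except ReplyUrlMismatch:
        return []


if __name__ == "__main__":
    for uri in ("https://staging.example.com/signin-oidc",
                "https://app.example.com/signin-oidc/extra",
                "https://other.example.net/signin-oidc"):
        print(uri, "->", destinations(authorize_url(uri)) or "reply URL mismatch")
```
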
