Share via

Microsoft Graph /invitations suddenly rejects http://localhost inviteRedirectUrl

Boyan Tomov 0 Reputation points
2026-05-29T20:04:20.0266667+00:00

Hello,

We use Graph POST /v1.0/invitations to invite external guest users into our Entra tenant. We use the B2B/external guest invitation flow, call Graph with a token, create the invitation, assign roles and let MS handle the invitation email.

This used to work fine locally, but as of yesterday (that's when we noticed it, at least), it stopped accepting https://localhost redirect URLs, it returns a 'The invite redirect URL field is invalid'. Anything with a certificate works, including random routes, so I don't think it's something we whitelist somewhere.

Have there been any changes and is anyone else experiencing this?

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-05-29T20:04:36.2866667+00:00

    inviteRedirectUrl for Microsoft Entra B2B invitations must be a valid redirect URI according to the platform’s redirect URI rules. For HTTP-based redirect URIs, only localhost is allowed to use the http:// scheme, and all non-localhost redirect URIs must use https://.

    The documented rules are:

    • https:// is supported for all HTTP-based redirect URIs.
    • http:// is supported only for localhost URIs and only for active local development and testing.
    • Examples:
      • https://contoso.com – valid
      • https://localhost – valid
      • http://contoso.com/... – invalid
      • http://localhost or http://localhost/abc – valid

    If http://localhost (or http://localhost:<port>/...) is now being rejected in inviteRedirectUrl, this indicates that the invitations API is enforcing stricter validation than the general redirect URI rules and is requiring https:// even for localhost. That aligns with the general guidance that HTTP redirect URIs should be used only for local dev and that production-style flows should use HTTPS.

    To get the invitations API working again:

    1. Change the inviteRedirectUrl to use https://localhost (optionally with a port and path), and ensure the local app is listening on that HTTPS endpoint.
    2. Avoid using http:// for inviteRedirectUrl, even for localhost, as it may now be treated as invalid by the invitations endpoint.

    There is no additional configuration or allowlist involved on the Entra side beyond using a redirect URL that conforms to these scheme rules.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.