AD B2C Registration App Redirect URI does not Work as it Should

Question

AD B2C Registration App Redirect URI does not Work as it Should

Sander Koster 21

I have a peculiar problem that has been bugging me for a while now. I have a B2C tenant set up with custom policies that uses a multi tenant AD connection as described in the MS docs here: Set up sign-in for multi-tenant Azure Active Directory using custom policies in Azure Active Directory B2C. The B2C tenant is linked to a PowerApps Portal using a web app that is registered within the B2C tenant.

The problem that I am having is that the registration app (that is registered in the parent AD tenant) does not work when I use the recommended redirect uri:
https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp.

The error that I receive is:

`AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application`.

I have found out however that the redirect uri does work when I replace: your-B2C-tenant-name.onmicrosoft.com with the directory ID of the B2C tenant.

Now I could be happy that this works and that the Portal (or B2C) gets the redirect uri that it expects but I am far from experienced in this field and so it feels like I am dodging the problem only temporarily.

As long as I don't understand why it works, I prefer to consider it as not working.

Answer 1

Hi @Sander Koster ,

I understand that you are receiving the Reply URL error when you using the tenant name URL, but not when you use the directory ID URL.

It sounds like this is happening due to a configuration on the web application side of things. The RedirectURI in the web app needs to exactly match what you have configured in the app registration. If the second RedirectURI works and the first one does not, that probably means that the second URI is configured in the web application and the other one isn't.

For example, the web.config of this B2C sample is set to https://localhost:44316 , so the app registration also needs to be set to the same URL.

If you've already confirmed that they match in both places, I would double-check that you are not running into any of the Redirect URI restrictions:
https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url

Let me know if this helps at all. If you share a screenshot of your portal configuration and your web app configuration I can help further troubleshoot.

Thanks,

Marilee

Sander Koster 21 Reputation points

2022-01-27T10:18:47.897+00:00

The RedirectURI in the registration app does indeed not match the configuration of the web app. In setting up the Portal, I was instructed to set the RedirectURI of the web app to the Redirect URL in the Portal. The RedirectURI of the registration app links to the B2C tenant (as instructed in the multi tenant AD article).

I have followed the instructions for setting up a multi tenant AD connection here: identity-provider-azure-ad-multi-tenant and set up the portal connection as instructed here: configure-azure-ad-b2c-provider-manual.

I have included multiple screenshots of my current settings below:

The screenshot of my registration app (including app id):

The screenshot of my web app (including app id):

The screenshot of my portal settings:

And finally the settings of my multi tenant claimsprovider (linking to the registration app's app id):

AD B2C Registration App Redirect URI does not Work as it Should

1 answer

Activity