AD B2C Registration App Redirect URI does not Work as it Should

Sander Koster 26 Reputation points
2022-01-26T17:15:30.66+00:00

I have a peculiar problem that has been bugging me for a while now. I have a B2C tenant set up with custom policies that use a multi-tenant AD connection as described in the MS docs here: Set up sign-in for multi-tenant Azure Active Directory using custom policies in Azure Active Directory B2C. The B2C tenant is linked to a PowerApps Portal using a web app that is registered within the B2C tenant.

The problem that I am having is that the registration app (that is registered in the parent AD tenant) does not work when I use the recommended redirect URI:
https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp.

The error that I receive is:

`AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application`.

I have found out, however, that the redirect URI does work when I replace your-B2C-tenant-name.onmicrosoft.com with the directory ID of the B2C tenant.

Now I could be happy that this works and that the Portal (or B2C) gets the redirect URI that it expects, but I am far from experienced in this field, and so it feels like I am dodging the problem only temporarily.

As long as I don't understand why it works, I prefer to consider it as not working.


1 answer

  1. Marilee Turscak-MSFT 33,621 Reputation points Microsoft Employee
    2022-01-26T23:21:56.603+00:00

    Hi @Sander Koster ,

    I understand that you are receiving the Reply URL error when you are using the tenant name URL, but not when you use the directory ID URL.

    It sounds like this is happening due to a configuration on the web application side of things. The RedirectURI in the web app needs to exactly match what you have configured in the app registration. If the second RedirectURI works and the first one does not, that probably means that the second URI is configured in the web application and the other one isn't.

    For example, the web.config of this B2C sample is set to https://localhost:44316, so the app registration also needs to be set to the same URL.

    If you've already confirmed that they match in both places, I would double-check that you are not running into any of the Redirect URI restrictions:
    https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url

    Let me know if this helps at all. If you share a screenshot of your portal configuration and your web app configuration I can help further troubleshoot.

    Thanks,

    Marilee

    1 person found this answer helpful.
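As an added illustration (not code from this thread or from Microsoft), the Python below models the exact-match check the answer describes: it compares the reply URL B2C sends against the URIs held in an app registration and reports which URI component (scheme, host, path, query) differs. The tenant name and directory ID are constructed placeholders.

```python
from typing import List, Optional, Tuple
from urllib.parse import SplitResult, urlsplit

# Constructed placeholders, not real tenant values.
TENANT = "contoso"
TENANT_ID = "11111111-2222-3333-4444-555555555555"

COMPONENTS = ("scheme", "netloc", "path", "query", "fragment")


def b2c_authresp_uri(segment: str) -> str:
    """Build the B2C reply URL from the question, using either the tenant's
    onmicrosoft.com domain or its directory ID as the path segment."""
    return f"https://{TENANT}.b2clogin.com/{segment}/oauth2/authresp"


def normalize(uri: str) -> SplitResult:
    """Scheme and host are case-insensitive (RFC 3986); path, query and
    fragment are compared byte-for-byte, which is what 'exact match' means here."""
    p = urlsplit(uri)
    return p._replace(scheme=p.scheme.lower(), netloc=p.netloc.lower())


def find_match(requested: str, registered: List[str]) -> Optional[str]:
    """Return the registered URI that exactly matches the request, else None."""
    req = normalize(requested)
    return next((r for r in registered if normalize(r) == req), None)


def explain_mismatch(requested: str, registered: List[str]) -> List[Tuple[str, List[str]]]:
    """For each registered URI, list the components that differ from the request.
    An empty list means that entry would have been accepted."""
    req = normalize(requested)
    report = []
    for r in registered:
        reg = normalize(r)
        report.append((r, [c for c in COMPONENTS if getattr(reg, c) != getattr(req, c)]))
    return report


if __name__ == "__main__":
    registered = [b2c_authresp_uri(TENANT_ID)]                 # what the app registration holds
    requested = b2c_authresp_uri(f"{TENANT}.onmicrosoft.com")  # what B2C sends in the request
    if find_match(requested, registered) is None:
        for reg_uri, diffs in explain_mismatch(requested, registered):
            print(f"AADSTS50011-style mismatch against {reg_uri}: differs in {diffs}")
```

Running it shows the two forms from the question differ only in the path segment, so whichever one is registered is the only one that will be accepted; a trailing slash or a case difference in the path fails the same way.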