AD B2C Registration App Redirect URI does not Work as it Should

Sander Koster 21 Reputation points
2022-01-26T17:15:30.66+00:00

I have a peculiar problem that has been bugging me for a while now. I have a B2C tenant set up with custom policies that uses a multi tenant AD connection as described in the MS docs here: Set up sign-in for multi-tenant Azure Active Directory using custom policies in Azure Active Directory B2C. The B2C tenant is linked to a PowerApps Portal using a web app that is registered within the B2C tenant.

The problem that I am having is that the registration app (that is registered in the parent AD tenant) does not work when I use the recommended redirect uri:
https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp.

The error that I receive is:

`AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application`.  

I have found out however that the redirect uri does work when I replace: your-B2C-tenant-name.onmicrosoft.com with the directory ID of the B2C tenant.

Now I could be happy that this works and that the Portal (or B2C) gets the redirect uri that it expects but I am far from experienced in this field and so it feels like I am dodging the problem only temporarily.

As long as I don't understand why it works, I prefer to consider it as not working.


1 answer

  1. Marilee Turscak-MSFT 22,296 Reputation points Microsoft Employee
    2022-01-26T23:21:56.603+00:00

    Hi @Sander Koster ,

    I understand that you are receiving the Reply URL error when you are using the tenant name URL, but not when you use the directory ID URL.

    It sounds like this is happening due to a configuration on the web application side of things. The RedirectURI in the web app needs to exactly match what you have configured in the app registration. If the second RedirectURI works and the first one does not, that probably means that the second URI is configured in the web application and the other one isn't.

    For example, the web.config of this B2C sample is set to https://localhost:44316, so the app registration also needs to be set to the same URL.

    If you've already confirmed that they match in both places, I would double-check that you are not running into any of the Redirect URI restrictions:
    https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url

    Let me know if this helps at all. If you share a screenshot of your portal configuration and your web app configuration I can help further troubleshoot.

    Thanks,

    Marilee

    1 person found this answer helpful.
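The answer's point is that Azure AD compares the `redirect_uri` in the authorization request against the app registration's reply URLs as an exact string match, which is why a tenant-name path and a directory-ID path are two different URIs even though both point at the same B2C `authresp` endpoint. The following is an added example, not code from the question, the answer or Microsoft: a small checker that mirrors that comparison (scheme and host case-insensitive per RFC 3986, path and query case-sensitive, no fragment, https required except for localhost) and reports which component differs. The tenant name and the directory ID are constructed placeholders, and the registered list represents a hypothetical app registration that only lists the directory-ID form, as in the question.

```python
"""Exact-match check of an OAuth2 redirect_uri against an app registration's
reply URLs, the comparison behind AADSTS50011. Added example with constructed
placeholders; the full list of Azure AD redirect URI restrictions lives in the
reply-url doc linked in the answer above."""
from urllib.parse import urlsplit

# Constructed placeholders, not a real tenant or directory ID.
TENANT = "your-b2c-tenant-name"
DIRECTORY_ID = "00000000-0000-0000-0000-000000000000"  # placeholder GUID

REDIRECT_BY_NAME = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/oauth2/authresp"
REDIRECT_BY_ID = f"https://{TENANT}.b2clogin.com/{DIRECTORY_ID}/oauth2/authresp"

# Hypothetical app registration in the home tenant: only the ID form is listed.
REGISTERED_REPLY_URLS = [REDIRECT_BY_ID]

_PARTS = ("scheme", "host", "path", "query", "fragment")


def _split(uri):
    """Decompose a URI the way the comparison treats it: scheme and host are
    case-insensitive (RFC 3986), path, query and fragment are compared as-is."""
    p = urlsplit(uri)
    return (p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment)


def check_reply_url(requested, registered):
    """Return {'match': bool, 'reasons': [...]} explaining whether the requested
    redirect_uri would be accepted against the registered reply URLs."""
    reasons = []
    req = _split(requested)
    # RFC 6749 3.1.2: the redirection endpoint URI must not contain a fragment.
    if req[4]:
        reasons.append("fragment is not allowed in a redirect URI")
    # Azure AD requires https; plain http is tolerated only for localhost.
    if req[0] != "https" and not req[1].startswith("localhost"):
        reasons.append("scheme must be https (http only for localhost)")
    if reasons:
        return {"match": False, "reasons": reasons}
    for candidate in registered:
        if _split(candidate) == req:
            return {"match": True, "reasons": []}
    # No exact match: report the first differing component per registered entry.
    for candidate in registered:
        reg = _split(candidate)
        for name, have, want in zip(_PARTS, req, reg):
            if have != want:
                reasons.append(f"{candidate}: differs in {name} ({have!r} vs {want!r})")
                break
    reasons.append("no registered reply URL is an exact match (AADSTS50011)")
    return {"match": False, "reasons": reasons}


if __name__ == "__main__":
    for uri in (REDIRECT_BY_NAME, REDIRECT_BY_ID):
        result = check_reply_url(uri, REGISTERED_REPLY_URLS)
        print(uri, "->", "OK" if result["match"] else "REJECTED")
        for why in result["reasons"]:
            print("   ", why)
```

Running it shows the tenant-name form rejected with "differs in path" while the directory-ID form is accepted, which is exactly the asymmetry the question describes; the fix the answer points to is making the registration list the form the policy actually sends, rather than treating the two as interchangeable.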