Why do you need a query string? Normally you should use state instead. Even if it works, I guess the query string will be lost after the redirect.
AD Redirect Url does not accept query parameters and gives mismatch error at login
Hi
I know this has been asked a lot, but I couldn't find an answer to my specific case in the docs or forums.
I get the error AADSTS50011 (Redirect URI mismatch) when signing in to my app. I compared the two, and the only mismatch is that the URL being used in the app contains a URL parameter (e.g. https://example.com?provider=microsoft).
The strange thing is that this error only appears in the case of an organization account, but when I use a personal account, the same redirect url above just works.
Is it something that I can control in Active Directory? Whether to accept query parameters in the redirect url or not?
Is there a way to make this work without removing the url parameters?
Here are the troubleshooting details:
Request Id: 4940f37c-d680-47fa-a024-cad9fb243600
Correlation Id: 3c494b9a-9d79-4ccf-a7f9-8524c7f60b9b
Timestamp: 2022-03-21T08:21:29Z
Thanks
2 answers
f0rward, 0 Reputation points, 2024-10-16T12:59:52.25+00:00
We have the exact same issue with the Microsoft Identity middleware. As always with Microsoft libraries, they always give problems because they are never built with abstraction in mind.
For us the login type can be Google, MS, AzureAd etc. We need to know which one was used and looking at the URL referer or something is bad practice.
Using a Session to store this info is also not going to work for us in the sign-out process since we might use a global signed-out app redirecting to the original app you were visiting.
URL parameters are of utmost importance and they are being ignored.
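The suggestion at the top of this thread (carry the value in `state` instead of the redirect URI's query string) can look like the following. This is an added example, not code from the thread or from any Microsoft library; `STATE_KEY`, `MAX_AGE`, `make_state` and `read_state` are hypothetical names, and the key is a constructed demo value. It relies on the OAuth 2.0 rule that the authorization server returns `state` unchanged on the callback, so the registered redirect URI can stay free of parameters.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: a per-deployment secret from configuration; constructed here for the demo.
STATE_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE = 600  # seconds a login attempt stays valid

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body):
    return b64e(hmac.new(STATE_KEY, body.encode(), hashlib.sha256).digest())

def make_state(provider, now=None):
    """Build the value sent as `state` on the authorization request."""
    payload = {
        "provider": provider,                 # what ?provider=... used to carry
        "nonce": secrets.token_urlsafe(16),   # makes every login attempt unique
        "iat": int(time.time() if now is None else now),
    }
    body = b64e(json.dumps(payload, separators=(",", ":")).encode())
    return body + "." + sign(body)

def read_state(state, allowed, now=None):
    """Verify the `state` returned on the callback; return the provider name."""
    body, sep, tag = state.partition(".")
    if not sep:
        raise ValueError("malformed state")
    # Check the MAC before parsing anything the client could have altered.
    if not hmac.compare_digest(sign(body).encode(), tag.encode()):
        raise ValueError("state signature mismatch")
    payload = json.loads(b64d(body))
    age = (time.time() if now is None else now) - payload["iat"]
    if not 0 <= age <= MAX_AGE:
        raise ValueError("state expired")
    if payload["provider"] not in allowed:
        raise ValueError("unknown provider")
    return payload["provider"]

if __name__ == "__main__":
    s = make_state("microsoft")
    print(s, "->", read_state(s, {"microsoft", "google"}))
```

The signature only proves the application issued the value. To keep `state` working as CSRF protection, the nonce still has to be tied to the browser that started the login, for example through a short-lived cookie compared on the callback.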