rvdev-5089 asked

AD B2C - Invalid Redirect Uri

Hi There,

I'm having an issue authenticating using Azure Active Directory B2C using the Microsoft Identity Platform.

I'm trying to follow the tutorial here:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/idp-pass-through-user-flow

In App Registrations I have added an application. For the "Who can use this application or access this API" I chose:

Accounts in any organizational directory or any identity provider. For authenticating users with Azure AD B2C.

I chose "Web" as the platform and for my redirect URI I set it to: https://jwt.ms

I created a secret.

It has the Microsoft Graph API permission and I also added my own under "Expose an API". I have added the API scope I created in API Permissions and granted admin consent.

Then

In Identity providers I select "Microsoft Account" and entered the client Id and client secret of the above app I registered.

Then

I proceeded to create a user flow and chose the v2 of the sign up/sign in. I selected "Microsoft Account" as the identity provider and also selected "Identity Provider Access Token" as one of the application claims to return.

I then clicked on "Run user flow" - the application I created was already selected, the reply URL was set as https://jwt.ms along with the correct resource and scope.

I clicked on the "Run user flow" button which opens a new browser tab with the following error:

invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.

Thing is, my redirect URI in my registered app and the redirect uri is the same as what was in "run user flow"..

I'm sure I have either completely missed or misunderstood something but I can't figure out what and why I am getting that error? :-(

azure-ad-b2c

I have the same issue while configuring Azure AD B2C with an OpenID identity provider.


I have the exact same scenario.
I've created a new B2C directory and get the same results again.
If I use my Google provider for the same UserFlow, it goes to https://jwt.ms correctly.

All my settings are correct in each of my attempts.


1 Answer

amanpreetsingh-msft answered

Hi @rvdev-5089,

In this scenario, there are 2 applications with two different Redirect URIs involved.

  1. Microsoft account application: This is used when you authenticate using Microsoft account and after successful authentication it posts the response to B2C at https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp.

  2. Federated application: This is the application that is federated with Azure AD B2C, and its reply URL (aka redirect URI) is where the token issued by B2C is posted.

Based on the information that you have shared, I suspect a problem with the Microsoft Account application. Please verify that its redirect_uri is configured as per the above URL.


Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
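The two-application model in this answer, as an added Python check that is not from the thread or from Microsoft: it compares the redirect URIs registered on each app against the URI B2C actually posts to and the reply URL chosen in "Run user flow". The tenant name contoso and the sample URIs are constructed for the demonstration.

```python
from urllib.parse import urlparse


def b2c_authresp_uri(tenant):
    # Where B2C expects the upstream identity provider (Microsoft account or
    # Azure AD) to post its response. The IdP-side app registration must list
    # exactly this URI, not the app's own reply URL such as https://jwt.ms.
    return f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/authresp"


def normalize(uri):
    # Redirect URI comparison is an exact string match. Scheme and host are
    # case-insensitive, but path, query and a trailing slash are significant,
    # so only the scheme and host are lower-cased here.
    p = urlparse(uri.strip())
    return p._replace(scheme=p.scheme.lower(), netloc=p.netloc.lower()).geturl()


def check_redirects(tenant, idp_app_redirects, federated_app_redirects, reply_url):
    """Return a list of findings; an empty list means both registrations agree.

    idp_app_redirects:       redirect URIs registered on the Microsoft account /
                             Azure AD app that B2C federates with
    federated_app_redirects: redirect URIs registered on the app that receives
                             the B2C-issued token
    reply_url:               the reply URL chosen in "Run user flow"
    """
    findings = []
    expected = b2c_authresp_uri(tenant)
    idp = {normalize(u) for u in idp_app_redirects}
    if expected not in idp:
        findings.append(f"IdP app must register {expected}; it has {sorted(idp)}")
    fed = {normalize(u) for u in federated_app_redirects}
    if normalize(reply_url) not in fed:
        findings.append(f"federated app must register {reply_url}; it has {sorted(fed)}")
    for u in sorted(idp | fed):
        parts = urlparse(u)
        if parts.scheme != "https" and (parts.hostname or "") != "localhost":
            findings.append(f"{u}: redirect URIs other than localhost must use https")
    return findings


if __name__ == "__main__":
    # Constructed scenario mirroring the question: the Microsoft account app was
    # registered with https://jwt.ms instead of the B2C authresp endpoint.
    for f in check_redirects("contoso", ["https://jwt.ms"], ["https://jwt.ms"], "https://jwt.ms"):
        print(f)
```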


Hi @rvdev-5089 Have you had a chance to test it out?


I am in a similar situation here. I have added Azure AD as an identity provider in B2C.
I have used the standard sign-in flow. Login with a local B2C account works, but I get the "AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '7033569d-0d15-4168-a647-9bbec107a2db'" error; the response is redirected to https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp. I don't know why. It was working a couple of months back. Can you please help me here?


@amanpreetsingh-msft could you please advise where we need to create the Microsoft account application with redirect uri - https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp?

I followed https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-user-flow and created the recommended sign up and sign in flow. I chose Azure AD as the identity provider. I am able to log in successfully with an individual email id, but when I click on "Sign in with Azure AD account", it gives me the same error: 'invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.'

Please advise if any other configuration is missing, as the above link doesn't mention registering another app.

Thanks,
VB


You need to distinguish between:

  • Microsoft account provider access, which you create within your B2C environment, and

  • an Azure Active Directory account, which will be an OpenID Connect provider - refer to identity-provider-azure-ad-single-tenant - that provider's application is created in Azure Active Directory and referenced as an OpenID Connect identity provider on B2C - Sign up and sign in workflow: Identity provider

VB-6181 (replying to MohamedOsmanDeveloper-1116):

Thanks @MohamedOsmanDeveloper-1116, I am able to sign in by creating a new OpenID provider and an OpenID Connect provider in Azure AD.

I have the following query: the link you shared covers sign-in setup for a single tenant within the organization. However, I have a requirement to allow multiple tenants to log in to my B2C app using their Azure account.

I checked https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant?pivots=b2c-custom-policy to set up multi-tenant, but it requires creating a custom policy. Is it possible to achieve it without creating a custom policy?

Please advise.

Thanks.

VB-6181 (replying to MohamedOsmanDeveloper-1116):

Thanks, this helped me resolve the login problem.
