Error says 'The reply URL specified in the request does not match the reply URLs configured for the application'.

I am able to sign in and access the application without any problem. I get this error only when I click on a link to access other pages before the initial page has loaded. If I give a couple more seconds for the initial page to successfully load and then access the rest of the application, I am not able to reproduce this error (I am able to access the application). Is it possible to add other pages as well in the Azure Redirect URLs?

For example: can I add "https://appname.azurewebsites.net/page2", "https://appname.azurewebsites.net/page3" (which would be the URLs of other pages in the app) along with "https://appname.azurewebsites.net", so that when I press those pages before complete loading, there will not be an error?

Can anyone point me where I am going wrong?

Sarahrb

1 Answer

Please check the below points:

  1. The reply URL in the Azure AD app registration must exactly match the one that is configured in the application, including the protocol.

It is recommended to use the https protocol in Azure AD, so both URLs (in app code and in the portal) must have the same protocol (ex: https://).

  2. As the app has only one redirect URL in code, that is valid for login. After login you can access other pages from code redirection based on role.

Multiple URLs can be added in the Azure AD portal, but they must also be configured in the code's redirect URLs. You can also add http://localhost when working locally. But they all redirect to the original app (same page) if only one redirect URI is configured in code.

Otherwise, to redirect to different pages, you may need to create a new app registration for each and change the redirect URI to the page you need in code for that app.

  3. If you want every page to be accessible after login, you can make use of a wildcard URL.

Ex: https://app.domain.com/*

Note: Wildcard URIs are currently unsupported in app registrations configured to sign in personal Microsoft accounts and work or school accounts. Wildcard URIs are allowed, however, for apps that are configured to sign in only work or school accounts in an organization's Azure AD tenant. (You can set this through the manifest editor.) See Redirect URI restrictions | Microsoft Docs.

But also look into this: Avoiding wildcard reply URLs with MSAL.js - Joonas W's blog

References:

  1. Cannot set HTTP URI in redirect URI on Azure AD Web App - Stack Overflow
  2. Web.config redirects with rewrite rules - https, www, and more | elmah.io
  3. web-config-redirects-with-rewrite-rules
kavyaS
  • Thank you for the detailed reply. I reconfirmed that the reply URL is exactly the same as the one used in my application. Do you have an idea why this error occurs only when I try accessing other pages when the initial landing page is still loading? – Sarahrb Nov 25 '21 at 14:55
  • What I think is that the page that is redirected to after Azure AD login is the redirect URI that must match the app URL. So without that being completely loaded, it might not be able to access other pages of that app. – kavyaS Nov 25 '21 at 15:08
  • You are right, the landing page matches the app URL. Then I need to prevent clicking on the link or disable the link until the page loads. – Sarahrb Nov 25 '21 at 21:35
  • I figured it's a browser problem. This problem was happening only on the Safari browser since it double loads the redirected URL (from the Azure AD login page). Other browsers and Android load fine, which is why this error couldn't be reproduced in those browsers. – Sarahrb Nov 29 '21 at 09:40
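
The answer's second point (one registered redirect URI, other pages reached by redirection in code) can be implemented by remembering the requested page across the sign-in round trip instead of registering each page or a wildcard. This is an added example, not code from the thread or from MSAL; `TENANT_ID`, `CLIENT_ID`, the `session` object and the function names are assumptions.

```javascript
// Added example. TENANT_ID, CLIENT_ID and `session` are placeholders/assumptions.
// Web Crypto is global in browsers and current Node; the fallback covers older Node.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const REDIRECT_URI = "https://appname.azurewebsites.net"; // the one registered reply URL
const AUTHORIZE_URL =
  "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize";

// Accept only a path on our own origin; anything else falls back to the landing page.
function safeReturnPath(path) {
  if (typeof path !== "string" || !path.startsWith("/") ||
      path.startsWith("//") || path.includes("\\")) return "/";
  // Parse as the browser would (it strips tabs/newlines) and re-check the origin.
  const resolved = new URL(path, REDIRECT_URI);
  if (resolved.origin !== new URL(REDIRECT_URI).origin) return "/";
  return resolved.pathname + resolved.search;
}

// Start sign-in: redirect_uri never varies; the requested page is kept in the
// session, keyed by a random one-time `state` value.
function buildAuthorizeUrl(requestedPath, session) {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  session.pending = { state, returnTo: safeReturnPath(requestedPath) };
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    client_id: "CLIENT_ID",
    response_type: "code",
    scope: "openid profile",
    redirect_uri: REDIRECT_URI,
    state,
  }).toString();
  return url.toString();
}

// Handle the callback at REDIRECT_URI: check `state`, then route to the stored page.
function resolveCallback(callbackUrl, session) {
  const returned = new URL(callbackUrl).searchParams.get("state");
  const pending = session.pending;
  delete session.pending; // one-time use
  if (!pending || !returned || returned !== pending.state) {
    throw new Error("state mismatch: restart sign-in");
  }
  return pending.returnTo;
}
```

In a browser-only app the `session` object would typically be backed by `sessionStorage`; the return path is validated before it is stored so the post-login redirect cannot leave the application's origin.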