Wildcard in redirect URI seems to be unsupported even for "signInAudience": "AzureADMyOrg" #94968
Comments
@jlian Thanks for your feedback. Could you please specify what value you are passing in the redirect URI?
I'm trying to do
@jlian Wildcards are allowed in redirect URIs to sign in with work or school accounts. A wildcard ‘*’ should represent a valid token sequence and be joined by a specific flag ‘.’ or ‘/’. The examples below are accepted as valid URLs:
Thanks, the manifest update goes through, but I can't get it to work. The URL I have now is Patterns I've tried in the reply URL:
I always get "AADSTS50011: The redirect URI 'https://static-string-4.centralus.1.azurestaticapps.net/.auth/login/aad/callback' specified in the request does not match the redirect URIs configured for the application"
As this is not a documentation-related issue, closing this issue here.
Sorry, I don't understand how this isn't a documentation issue. Shouldn't we make it clear in the docs how the user would add wildcards in the redirect URI? BTW, after several hours of trial and error I got it to work with one pattern:
The first part cannot have any other characters at all. This is all currently undocumented.
@shwetamathur7 please reopen this issue as docs updates are still needed
I am running into this problem as well. The documentation states:
However, I have been unable to get this to work in any capacity.
Having the same issue, already tried a lot of the options here. Interestingly *.tld is accepted but adding a known subdomain with wildcard apex domain seems not to be
Same issue here. Wildcard redirect URIs are not working. I'm using the https://*.example.com/login/callback structure and even that is not working.
This is the only solution that worked.
@jlian thanks for persevering with this! I would've been totally stumped had it not been for this issue. Really ought to be reopened and the docs updated.
This should be re-opened, as it's not possible to add a wildcard using the portal UI; it is possible only by manually updating the manifest file, and there is no information in the MS documentation related to this. https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url Wildcard URIs are currently unsupported in app registrations configured to sign in personal Microsoft accounts and work or school accounts. Wildcard URIs are allowed, however, for apps that are configured to sign in only work or school accounts in an organization's Microsoft Entra tenant. So those two sentences already contradict each other. Also, why don't you simply change the validation in the Azure Portal UI to allow adding wildcards for an organization's Microsoft Entra tenant?
In the article it says
I tried doing this and I would get an error "Error detail: Invalid value specified for property 'replyUrlsWithType' of resource 'Application'. "
I checked and my app registration has "signInAudience": "AzureADMyOrg". Am I doing something wrong or is the documentation now outdated? I need to do this for the same reason as this StackOverflow post, so that I can get it to work with my CI/CD pipeline.
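An added example, not part of the original issue and not Microsoft's code: a Python audit of an exported app manifest that lists the wildcard entries in `replyUrlsWithType` and checks them against `signInAudience`, following the documentation sentence quoted in the thread. The `url`/`type` entry layout, the sample manifests and the function name `audit_reply_urls` are assumptions made for the example; it does not model which wildcard patterns the service accepts.

```python
import json
from urllib.parse import urlsplit

# Reading of the docs sentence quoted in the thread: wildcards are allowed only
# for single-organization apps. Mapping that to this value is an assumption.
WILDCARD_AUDIENCES = {"AzureADMyOrg"}

def audit_reply_urls(manifest_text):
    """Return one finding dict per wildcard entry in replyUrlsWithType."""
    manifest = json.loads(manifest_text)
    audience = manifest.get("signInAudience")
    findings = []
    for entry in manifest.get("replyUrlsWithType") or []:
        url = entry.get("url", "")
        if "*" not in url:
            continue  # exact-match URIs need no wildcard review
        parts = urlsplit(url)
        findings.append({
            "url": url,
            "type": entry.get("type"),
            # A host wildcard widens which origins may receive the sign-in response.
            "wildcard_in": "host" if "*" in parts.netloc else "path or query",
            "audience": audience,
            "audience_allows_wildcard": audience in WILDCARD_AUDIENCES,
        })
    return findings

# Constructed sample manifests (not taken from the issue).
SAMPLE_SINGLE_ORG = json.dumps({
    "signInAudience": "AzureADMyOrg",
    "replyUrlsWithType": [
        {"url": "https://app.example.com/.auth/login/aad/callback", "type": "Web"},
        {"url": "https://*.example.com/login/callback", "type": "Web"},
    ],
})
SAMPLE_MIXED = json.dumps({
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "replyUrlsWithType": [{"url": "https://example.com/cb/*", "type": "Web"}],
})

if __name__ == "__main__":
    for name, text in (("single-org", SAMPLE_SINGLE_ORG), ("mixed", SAMPLE_MIXED)):
        for f in audit_reply_urls(text):
            ok = "audience allows wildcards" if f["audience_allows_wildcard"] else "audience does not allow wildcards"
            print(f"{name}: {f['url']} (wildcard in {f['wildcard_in']}): {ok}")
```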