Error when redirecting to Graph API deployed to Azure Web Apps #741

Closed
YHgitaccount opened this issue Nov 10, 2023 · 3 comments
Labels
question Further information is requested

Comments

@YHgitaccount

YHgitaccount commented Nov 10, 2023

Microsoft.Identity.Web version

2.13.0

Web app sign-in

1-WebApp-OIDC/1-1-MyOrg

Web API (call Graph or downstream APIs)

2-WebApp-graph-user/2-1-Call-MSGraph

Deploy to Azure

5-WebApp-AuthZ/5-1-Roles

Auth Z

6-Deploy-to-Azure

Description

I am using the 2-1-CallMSGraph sample, but I am getting errors about redirects.
As a prerequisite, local sign-in worked fine.
This time, we are planning to configure the app to redirect and access https://<MyAppName>.azurewebsites.net/xxx/signin-oidc to sign in and get Azure AD information.
Therefore, we have made the following changes to the AzureAd property in the appsettings.json file.

"AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "<MyDomain>",
    "ClientId": "<MyCrientId>",

    "RedirectUri": "https://<MyAppName>.azurewebsites.net/xxx/signin-oidc",
    "ClientCertificates": [
    ],
    // the following is required to handle Continuous Access Evaluation challenges
    "ClientCapabilities": [ "cp1" ],
    //"CallbackPath": ""
  },
"DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "user.read"
  }

Also, for Azure app authentication settings, as a redirect URI,
https://<MyAppName>.azurewebsites.net/xxx/signin-oidc is registered.

Assuming the above, we deployed to Azure Web Apps. However, when I access the app, I get the following error
Error AADSTS50011 - The redirect URI "https://<MyAppName>.azurewebsites.net/signin-oidc" specified in the request does not match the redirect URIs configured for the application.
Make sure the redirect URI sent in the request matches one added to your application in the Azure portal.
Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

Despite changing the redirect URI setting, the URI does not seem to match, as it is coming from https://<MyAppName>.azurewebsites.net/signin-oidc.

https://learn.microsoft.com/ja-jp/troubleshoot/azure/active-directory/error-code-aadsts50011-redirect-uri-mismatch
I referred to the above and it says to set the redirect URI in Azure App Authentication, but I don't know why as I have already registered it.

Where in the source code or in the configuration file should I change the URI to https://<MyAppName>.azurewebsites.net/xxx/signin-oidc instead of https://<MyAppName>.azurewebsites.net/signin-oidc?


Reproduction steps

  1. download samples
  2. redirect URI setting for Azure AD app
  3. modify appsettings.json
  4. deploy to Azure WebApps
  5. accessing the app

Error message

Error AADSTS50011 - The redirect URI "https://<MyAppName>.azurewebsites.net/signin-oidc" specified in the request does not match the redirect URIs configured for the application .
Make sure the redirect URI sent in the request matches one added to your application in the Azure portal.
Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

Id Web logs

No response

Relevant code snippets

https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/2-WebApp-graph-user/2-1-Call-MSGraph

Regression

No response

Expected behavior

The ability to sign in without error when accessing https://<MyAppName>.azurewebsites.net/xxx/signin-oidc.

@YHgitaccount YHgitaccount added the question Further information is requested label Nov 10, 2023
@jmprieur
Contributor

@YHgitaccount :

  1. Don't change the redirect URI in the appsettings.json. The app knows already
  2. did you read this article?
    https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/6-Deploy-to-Azure

@YHgitaccount
Author

@jmprieur

Thanks for your response.

Regarding 1,
In the "Update the redirect URLs" section of the reference link you commented on, there is the following statement:
5. "If your application calls a web api, make sure to apply the necessary changes on the project appsettings.json, so it calls the published API URL instead of localhost."
I am aware that I need to change the URL to include the domain name of the Web Apps, is that correct?

Also, follow the "Update the redirect URLs" section of the same link,
Add "https://<MyAppName>.azurewebsites.net" to the Redirect URL for the Azure AD app,
[image: redirect_error]

I registered the following two

  • https://<MyAppName>.azurewebsites.net
  • https://<MyAppName>.azurewebsites.net/xxx/signin-oidc

However, the situation did not change, so I checked the stack trace in developer mode and received the following error
[image]

Where else would be appropriate to check?
We would appreciate your comments as we are very troubled.


@YHgitaccount
Author

Here, I solved the problem by changing the root path in the application settings.
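
Added example (not part of the thread and not code from the sample): a small Python check of the mismatch reported above, where the request carried `/signin-oidc` while the registration held `/xxx/signin-oidc`. It assumes the redirect URI is built the way the ASP.NET Core OpenID Connect handler builds it (scheme://host + path base + CallbackPath) and models the portal comparison as exact string equality; `effective_redirect_uri`, `diagnose` and the host `myapp` are hypothetical names.

```python
from urllib.parse import urlsplit

# Constructed sample data; "myapp" is a placeholder host, not from the thread.
ORIGIN = "https://myapp.azurewebsites.net"
REGISTERED = [
    "https://myapp.azurewebsites.net",
    "https://myapp.azurewebsites.net/xxx/signin-oidc",
]


def effective_redirect_uri(origin, path_base="", callback_path="/signin-oidc"):
    """redirect_uri as the ASP.NET Core OIDC handler builds it:
    scheme://host + PathBase + CallbackPath."""
    parts = urlsplit(origin)
    base = path_base.strip("/")
    prefix = f"/{base}" if base else ""
    return f"{parts.scheme}://{parts.netloc}{prefix}/{callback_path.lstrip('/')}"


def diagnose(sent, registered, callback_path="/signin-oidc"):
    """Compare `sent` with each registered URI and say what differs.
    Assumption: the provider's check is modelled as exact string equality."""
    if sent in registered:
        return "match"
    s = urlsplit(sent)
    findings = []
    for reg in registered:
        r = urlsplit(reg)
        reg_path = r.path or "/"
        if r.netloc.lower() != s.netloc.lower():
            findings.append(f"{reg}: different host")
        elif r.scheme != s.scheme:
            findings.append(f"{reg}: registered {r.scheme}, app sent {s.scheme}")
        elif r.path == s.path:
            findings.append(f"{reg}: same path, differs in host case, query or fragment")
        elif r.path.endswith(callback_path):
            expected = r.path[: -len(callback_path)] or "/"
            findings.append(f"{reg}: expects path base {expected!r}, "
                            f"app sent path {s.path!r}")
        else:
            findings.append(f"{reg}: path {reg_path!r} is not a callback path")
    return "mismatch: " + "; ".join(findings)


if __name__ == "__main__":
    for base in ("", "/xxx"):
        uri = effective_redirect_uri(ORIGIN, base)
        print(f"path base {base!r}: {uri} -> {diagnose(uri, REGISTERED)}")
```

With an empty path base the check reports that the registration expects `/xxx`, which is the situation in the AADSTS50011 message; once the app is served under `/xxx` the computed URI matches the second registered entry.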
