I have seen the error message reply URL specified in the request does not match the reply URLs configured for the application so many times and the solution is in most of the cases straight forwards.
Issue
When you authenticate in an application that is integrated with Azure Active Directory, you get the error message:
Sorry, but we’re having trouble signing you in.
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application ‘xxx’
Cause
As the error message says, the reply URL or redirect URI used to connect to Azure Active Directory is not configured in the application registered in Azure Active Directory.
Troubleshooting
We need to find the URL that is being used for signing in to Azure Active Directory. We examine the URL that is being used during the authentication process:
We copy this URL and decode it using our favorite url decoder e.g. https://meyerweb.com/eric/tools/dencoder
https://login.microsoftonline.com/common/oauth2/authorize?client_id=2a703974-eef2-42c2-9def-9e696afa2146&response_type=code&redirect_uri=https://global.consent.azure-apim.net/redirect&resource=2a703974-eef2-42c2-9def-9e696afa2146&prompt=select_account&state=7459158e-0b9f-4f0a-96e9-2bf88e1535a8_europe-002
Notify in the decoded URL the cliend_id and the redirect_uri.
In case the signing in url is hidden, you can find it out with any network tracing tool by searching for “redirect_uri” or in some cases “reply_url”.
I prefer to trace the web requests with Fiddler:
Solution
To solve the error message, now that we have the redirect_uri or reply_url, we go to the App registrations in Azure Active Directory and search for the client ID.
We open the application registration and in the Authentication section we add the found redirect_uri as a new redirect URI.
Trying to authenticate again:
Voila, problem solved!
Radu Narita 