Trouble signing in & AADSTS50011 The reply URL specified in the request does not match the reply URLs configured for the application

I have seen the error message reply URL specified in the request does not match the reply URLs configured for the application so many times and the solution is in most of the cases straight forwards.

Issue

When you authenticate in an application that is integrated with Azure Active Directory, you get the error message:

Sorry, but we’re having trouble signing you in.

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application ‘xxx’

Cause

As the error message says, the reply URL or redirect URI used to connect to Azure Active Directory is not configured in the application registered in Azure Active Directory.

Troubleshooting

We need to find the URL that is being used for signing in to Azure Active Directory. We examine the URL that is being used during the authentication process:

We copy this URL and decode it using our favorite url decoder e.g. https://meyerweb.com/eric/tools/dencoder

Decoded URL:
https://login.microsoftonline.com/common/oauth2/authorize?client_id=2a703974-eef2-42c2-9def-9e696afa2146&response_type=code&redirect_uri=https://global.consent.azure-apim.net/redirect&resource=2a703974-eef2-42c2-9def-9e696afa2146&prompt=select_account&state=7459158e-0b9f-4f0a-96e9-2bf88e1535a8_europe-002

Notify in the decoded URL the cliend_id and the redirect_uri.

In case the signing in url is hidden, you can find it out with any network tracing tool by searching for “redirect_uri” or in some cases “reply_url”.

I prefer to trace the web requests with Fiddler:

Solution

To solve the error message, now that we have the redirect_uri or reply_url, we go to the App registrations in Azure Active Directory and search for the client ID.

We open the application registration and in the Authentication section we add the found redirect_uri as a new redirect URI.

Trying to authenticate again:

Voila, problem solved!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s