
I am currently using Microsoft ADAL Angular for Azure Active Directory authentication, and below are the configuration settings for the same.

    MsAdalAngular6Module.forRoot({
      tenant: 'xxxxxxxxxxxxxxxxxxx',
      clientId: 'xxxxxxxxxxxxxxxxx',
      redirectUri: window.location.origin,
      endpoints: {
        "xxxxxxxx": "xxxxxxxxxxxxxx",
      },
      navigateToLoginRequestUrl: true,
      cacheLocation: 'localStorage',
      loadFrameTimeout: 60000
    }),

I have set reply URL as https://xxx.azurewebsites.net/ in Azure app registrations.

The above configuration works fine if I use https://xxx.azurewebsites.net/ and enter into the application. But when I use https://xxx.azurewebsites.net/dashboard and enter my credentials it is throwing the error mentioned in the subject and not allowing me to go in.

I know that Azure has blocked wildcard configurations in Active Directory. Is there a way for me to configure the settings to successfully authenticate if I copy-paste any deep link from the application?

Any help would be really appreciated and thanks in advance.

1 Answer

When the redirect_uri in the authorization request mismatches the redirect url configured in Azure AD registrations, you will encounter this error.

So if you want to use https://xxx.azurewebsites.net/dashboard in your request, you should also add it as the redirect url of your Azure AD registrations.


Update:

Based on our discussion, you just need to specify the redirect URL in your code as the same url as what you have configured in your Azure AD app: https://xxx.azurewebsites.net to meet your requirement.

Allen Wu
  • Thanks for the answer. There are many modules in the application and adding all of them would actually exceed the threshold of 20 reply URL configuration. Is there any other way that I could do instead of registering all the URLs in the configuration. – bheem prakash Apr 20 '20 at 06:24
  • @bheemprakash Why do you have so many reply URLs that need to be configured? If they are in the same web application, you can redirect to them from within your application. Generally speaking, our application has a home page. You should configure the URL of the homepage as redirect url. The redirect url is the location where your application will be redirected to after the authorization. – Allen Wu Apr 20 '20 at 07:17
  • We are having a functionality where users assign tasks to themselves and an email is triggered as soon as this action is completed. This email has a link to the task that they have assigned to themselves which would directly navigate them to the particular module. For ex.: my application homepage - https://xxx.azurewebsites.net/home; the URL that is sent in the notification - https://xxx.azurewebsites.net/item/1. Since https://xxx.azurewebsites.net/item is not configured as a reply URL, I am facing this issue. Glad I could get some assistance from you as I am facing this issue for many days. – bheem prakash Apr 20 '20 at 10:42
  • @bheemprakash In my experience, if you are using MSAL, the default behavior is to redirect you to the previous page after signing in. You just need to put the main host as the redirect url. If you don't sign in currently and when you click on the link in the email, you will be asked to log in with your Azure AD credential. After you successfully sign in, the page should be redirected to the link you are trying to access, rather than the home page. See https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/238. – Allen Wu Apr 22 '20 at 05:38
  • Thank you so much for the clarification, I have kept the redirect URL to the home page and things started working as expected. Earlier I had kept windows.location.origin as redirect URL which was causing the issue. I wish I had the privilege to upvote your answer. – bheem prakash Apr 22 '20 at 09:00
  • @bheemprakash I'll update my answer about our discussion. You can accept it as the answer (click on the check mark beside the answer to toggle it from greyed out to filled in). See https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work. It's not an upvote. This can be beneficial to other community members. Thank you. – Allen Wu Apr 22 '20 at 09:04
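
The pattern the answer and comments arrive at (one registered reply URL, with the app itself returning the user to the deep link after sign-in), as an added example that is not code from the original posts or from ADAL/MSAL. `beginLogin`, `finishLogin`, `toSafeReturnPath`, `memoryStorage` and the storage key are hypothetical names; the stored path is checked to be same-origin so the return step cannot send a user to another site.

```javascript
// Added example. All names here are hypothetical, not ADAL/MSAL APIs.
const REDIRECT_URI = 'https://xxx.azurewebsites.net/'; // the single registered reply URL
const RETURN_KEY = 'postLoginReturnPath';               // assumed storage key

// Reduce a target to path + query + fragment, and only if it resolves to
// the app's own origin. Anything else falls back to the home page.
function toSafeReturnPath(target, appOrigin) {
  if (typeof target !== 'string' || /[\\\u0000-\u001f]/.test(target)) return '/';
  let url;
  try {
    url = new URL(target, appOrigin);
  } catch (e) {
    return '/';
  }
  if (url.origin !== new URL(appOrigin).origin) return '/';
  return url.pathname + url.search + url.hash;
}

// Before sign-in: remember the deep link the user asked for, and return the
// redirect URI to send in the authorization request (always the registered one).
function beginLogin(currentHref, storage) {
  const appOrigin = new URL(REDIRECT_URI).origin;
  storage.setItem(RETURN_KEY, toSafeReturnPath(currentHref, appOrigin));
  return REDIRECT_URI;
}

// After landing back on REDIRECT_URI: consume the stored path once and
// re-validate it, since client-side storage is not a trusted source.
function finishLogin(storage) {
  const appOrigin = new URL(REDIRECT_URI).origin;
  const stored = storage.getItem(RETURN_KEY);
  storage.removeItem(RETURN_KEY);
  return toSafeReturnPath(stored === null ? '/' : stored, appOrigin);
}

// In-memory stand-in for sessionStorage so the example runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    setItem: (k, v) => m.set(k, String(v)),
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    removeItem: (k) => m.delete(k),
  };
}
```

In a browser, `storage` would be `sessionStorage` and the value returned by `finishLogin` would be handed to the Angular router.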