My website (.NET Core 3.1) is using an alias, dictated by company policy, to hide the internal server address from the outside world. But because of this, the signin fails, because the Identity code is picking up the real server name and sending that as the callback-path/reply address. I've tried over-riding the ProtocolMessage.RedirectUri address, as suggested here Microsoft Identity Web: Change Redirect Uri, which gets me closer, but an exception is still thrown at the last minute because the address sent doesn't match the address received.
MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS500112: The reply address 'https://XXX/signin-oidc' does not match the reply address 'https://YYY/signin-oidc' provided when requesting Authorization code.
Is there no way to deal with this?
