AzureAD / azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/adal-angular
Apache License 2.0

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application #856

Closed rohitbankia closed 4 years ago

rohitbankia commented 5 years ago

I'm submitting a...


[ ] Regression (a behavior that used to work and stopped working in a new release)
[ ] Bug report  
[ ] Performance issue
[ ] Feature request
[x] Documentation issue or request
[ ] Other... Please describe:

Browser:

Library Name

Library version

Library version: 1.0.17

Current behavior

When the user is idle and is logged out and refreshes the page, the user is asked to log in, and the redirect URL is by default the last URL from which the login request was made. After login, the user is not able to see the page, and this error comes up saying the URL is not configured as part of the reply URLs in Azure.

I tried using the redirect URL in the code, but the URL still has the last URL from which the login request was made (redirect_uri=https%3A%2F%2Flocalhost%3A4200%2Ffe%2F001), while in code it is redirectUri: window.location.origin + '/home'.

Do we need to configure each and every possible URL of the application as a reply URL in Azure AD, as it does not support wildcards? I might be missing some steps in development or missing configurations. Any help would be great, as it's been days but I did not find any solution. Thanks

Expected behavior

For any web application this scenario is valid, and after logging in following a timeout the user should be on the same page he was on before.

Minimal reproduction of the problem with instructions

1. Log in to the application with Azure AD.
2. Navigate to any random valid URL of the application.
3. Be idle until you are logged out (15-20 mins).
4. Refresh the page; it will ask you to log in again, and the redirect URL will have the last URL from which login was requested.

Kalyan-Basa commented 5 years ago

Probably, you could make use of the postLogoutRedirectUri property in the configuration.

For example:

```json
{
  "tenant": "xxxxxxxxxxxxxxxxxxxxxx",
  "clientId": "xxxxxxxxxxxxxxxxxxxxxx",
  "redirectUri": "xxxxxxxxxxxxxxxxxxxxxx",
  "postLogoutRedirectUri": "http://localhost:4200/"
}
```

When the session is timed out or the user logs out intentionally, the app will be redirected to the URL specified in postLogoutRedirectUri; that way we need not specify each reply URL.

However, the user has to navigate back manually to the intended page.

Hope this helps.

rohitbankia commented 5 years ago

By default postLogoutRedirectUri takes the value of redirectUri, which is fine for me. I tried giving both, but it goes into a loop. Are these values correct, or do I need to give it as a static one? redirectUri: window.location.origin + '/home', postLogoutRedirectUri: window.location.origin

Kalyan-Basa commented 5 years ago

I would suggest you use the static one.

jmckennon commented 4 years ago

If this is still an issue, can you please provide some more information? Like the configuration you're passing into AuthenticationContext. These redirects also have to be registered in Azure, yes.

Additionally, that redirect loop is a known bug in adal js, and is fixed in msal js. adal js is still supported only for security fixes. All current authentication work from Microsoft is delivered through the msal js library here. We recommend moving to msal js for any advanced feature requests and bugfixes.

jmckennon commented 4 years ago

Closing this as we're assuming this is no longer an issue. Again, we recommend everyone to switch to msal js here for better features and bugfixes.
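
The mismatch reported in this thread can be confirmed by decoding the redirect_uri the browser actually sent and comparing it with the reply URLs registered for the app. The following is an added example, not part of the thread or of ADAL.js; the function names, the placeholder tenant and client ID, and the exact-string comparison are assumptions.

```javascript
// Added diagnostic example (not ADAL.js code). Sample values are constructed.
// Tenant and client ID are placeholders; the redirect_uri is the one quoted in the issue.
const SAMPLE_AUTHORIZE_URL =
  'https://login.microsoftonline.com/TENANT_PLACEHOLDER/oauth2/authorize' +
  '?response_type=id_token&client_id=CLIENT_ID_PLACEHOLDER' +
  '&redirect_uri=https%3A%2F%2Flocalhost%3A4200%2Ffe%2F001';

// Returns the origin of an absolute URL, or null if the string does not parse.
function originOf(value) {
  try {
    return new URL(value).origin;
  } catch (err) {
    return null;
  }
}

// Compares the redirect_uri in an authorize request with the registered reply URLs.
// Assumption: the identity provider requires an exact string match, so a deep link
// such as /fe/001 is rejected when only /home is registered.
function checkReplyUrl(authorizeUrl, registeredReplyUrls) {
  const sent = new URL(authorizeUrl).searchParams.get('redirect_uri'); // percent-decoded
  if (sent === null) {
    return { sent: null, match: false, reason: 'request carries no redirect_uri' };
  }
  if (registeredReplyUrls.includes(sent)) {
    return { sent, match: true, reason: 'exact match' };
  }
  const sentOrigin = originOf(sent);
  if (sentOrigin === null) {
    return { sent, match: false, reason: 'redirect_uri is not an absolute URL' };
  }
  // Distinguish "wrong path on a known origin" (the case in this issue)
  // from "origin not registered at all".
  const sameOrigin = registeredReplyUrls.filter((r) => originOf(r) === sentOrigin);
  const reason = sameOrigin.length > 0
    ? `origin is registered but path ${new URL(sent).pathname} is not; ` +
      `registered for this origin: ${sameOrigin.join(', ')}`
    : `no registered reply URL for origin ${sentOrigin}`;
  return { sent, match: false, reason };
}

// Stand-alone run: only /home is registered, as in the reporter's configuration.
console.log(checkReplyUrl(SAMPLE_AUTHORIZE_URL, ['https://localhost:4200/home']));
```

A result of "origin is registered but path ... is not" means the library sent the current page URL instead of the configured redirectUri, so the fix belongs in the client configuration rather than in registering every route.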