ADAL invalid redirect uri

Question

Note: i'm using an experimental pre-release of microsoft's latest adal

I'm trying to get my identity providers to work on the mobile applications. So far I've been able to load my identity providers and managed to get the login page to show (except for facebook).

The problem is that whenever i actually try to login i'm getting some error in the form off "invalid redirect uri".

Google, for instance, will say: "The redirect URI in the request: https://login.microsoftonline.com/... did not match a registered redirect URI.

Facebook will show: "Given URL is not allowed by the application configuration: One or more of the given URLs is not allowed by the App's settings. It must match the website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains."

As far as I understand you don't actually need to register the mobile application anymore with the different identity providers because Azure sits in between you and them. Azure handles the connection, gets your token and uses it to identify you. It should then return a set of "azure tokens" to you.

To my knowledge the used redirect URI is registered on the portal since I'm able to load the identity providers in the first place? Not to mention it seems to be a default URL that's used by many applications: urn:ietf:wg:oauth:2.0:oob which simply tells it to return it to some none-browser based application?

This is the code i'm using to actually do the login/signup:

private static String AUTHORITY_URL = "https://login.microsoftonline.com/<directory>/oauth2/authorize/";
    private static String CLIENT_ID = "my_client_id";
    private static String[] SCOPES = { "my_client_id" };
    private static String[] ADDITIONAL_SCOPES = { "" };
 private static String REDIRECT_URL = "urn:ietf:wg:oauth:2.0:oob";
    private static String CORRELATION_ID = "";
    private static String USER_HINT = "";
    private static String EXTRA_QP = "nux=1";
    private static String FB_POLICY = "B2C_1_<your policy>";
    private static String EMAIL_SIGNIN_POLICY = "B2C_1_SignIn";
    private static String EMAIL_SIGNUP_POLICY = "B2C_1_SignUp";

public async Task<AuthenticationResult> Login(IPlatformParameters parameters, bool isSignIn)
    {
        var authContext = new AuthenticationContext(AUTHORITY_URL, new TokenCache());

        if (CORRELATION_ID != null &&
                CORRELATION_ID.Trim().Length != 0)
        {
            authContext.CorrelationId = Guid.Parse(CORRELATION_ID);
        }

        String policy = "";
        if (isSignIn)
            policy = EMAIL_SIGNIN_POLICY;
        else
            policy = EMAIL_SIGNUP_POLICY;

        return await authContext.AcquireTokenAsync(SCOPES, ADDITIONAL_SCOPES, CLIENT_ID, new Uri(REDIRECT_URL), parameters, UserIdentifier.AnyUser, EXTRA_QP, policy);            

    }

microsoft's documentation isn't really helping because most are either empty (they're literally not yet typed out) or it's some help topic from over a year ago. This stuff is pretty new so documentation seems to be hard to come by.

So, dear people of stackoverflow, what am I missing? Why is it saying that the redirect urI is invalid when it's been registered on the azure web portal? And if the redirect URI is invalid why can I retrieve the identity providers in the first place?

Answer 1

why is it that i can't seem to find solutions after hours of searching, yet when i post a question here i somehow find the answer within minutes...

It was quite a stupid mistake at that, one of my collegues had sent me the wrong authority url. The funny thing is that it was correct "enough" to load the identity providers we had installed on the portal but not correct enough to handle actually signing in or up.

I initially used:

https://login.microsoftonline.com/<tenant_id>/oauth2/authorize/

where it should have been:

https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/authorize

You see that little "v2.0"? yeah that little bastard is what caused all the pain...