Azure function with Azure Active Directory aad failed with incorrect reply url

Question

I am trying to secure the Azure functions using Azure Active Directory following the note.

When the link https://xxxfunction1.azurewebsites.net/api/function1 is entered, the browser redirects to AAD:

https://login.microsoftonline.com/[tenent]/oauth2/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Fxxxfunction1.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=[client_id]&scope=openid+profile+email&response_mode=form_post&nonce=[nonce]state=redir%3D%252Fapi%252Ffunction1

and the error returns:

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application

The platform configurations in the AAD client:

The Authentication & Authorization in Azure function xxxfuntion1 is configured to AzureAD client xxxfunction1app:

The same error with Advanced mode:

Any idea why it says the error on the reply URL please?

Answer 1

Your error is very simple. Your redirect_uri is decoded as: https://xxxfunction1.azurewebsites.net/.auth/login/aad/callback, but you configure the redirect_uri in the AAD client as:https://xxxfunction1.azurewebsites.net/.auth/login/aad/callcack, so the response url does not match error, you only need to change callcack to callback.

Answer 2

Make sure that the URL matches exactly and double-check that the Application ID and tenant ID are matching. It might be trying to resolve to a different application or tenant.

The identifier URI should be: https://xxxfunction1.azurewebsites.net

Please go to Azure Portal > Azure Active Directory > App Registration > All Applications > Search with the App ID 6419ae-xxxx-xxxx-xxxx > Under Authentication blade of the application update the Redirect URI to ttps://xxxfunction1.azurewebsites.net/api/function1