Reputation: 77
I am building a Django app which is hosted on Azure Web App service. I have used Azure AD for authentication, and to support that I have used the MSAL library for Python.
On localhost, I have been able to log in using Azure and view site data, but I cannot visit the site when the application is deployed to the Azure web app. I am getting the following error.
I have used HTTP://localhos:8000/auth/redirect as the redirect URI and am using the same for the app deployed to the Azure web app: https://.azurewebsites.net/auth/redirect but it is not working and is showing the error above.
I am using the following code provided from https://github.com/Azure-Samples/ms-identity-python-django-tutorial/tree/main/1-Authentication .
I do not know what the issue is. Please help.
Edit:
I am not able to get a solution. I have added the same redirect URL both in Azure and in the code.
https://appname.azurewebsites.net/auth/redirect
Here is how I configured the redirect URL inside the code. This is the aad.config.json file:
```json
{
    "type": {
        "client_type": "CONFIDENTIAL",
        "authority_type": "SINGLE_TENANT",
        "framework": "DJANGO"
    },
    "client": {
        "client_id": "**",
        "client_credential": "*",
        "authority": "https://login.microsoftonline.com/*"
    },
    "auth_request": {
        "redirect_uri": null,
        "scopes": [],
        "response_type": "code"
    },
    "flask": null,
    "django": {
        "id_web_configs": "MS_ID_WEB_CONFIGS",
        "auth_endpoints": {
            "prefix": "auth",
            "sign_in": "sign_in",
            "edit_profile": "edit_profile",
            "redirect": "redirect",
            "sign_out": "sign_out",
            "post_sign_out": "post_sign_out"
        }
    }
}
```
This is the context_processors.py file:
```python
from django.urls import reverse
from django.conf import settings


def context(request):
    # Claims from the ID token of the signed-in user
    claims = request.identity_context_data._id_token_claims
    # Claims that are not shown in the template
    exclude_claims = ['iat', 'exp', 'nbf', 'uti', 'aio', 'rh']
    claims_to_display = {claim: value for claim, value in claims.items() if claim not in exclude_claims}
    client_id = settings.AAD_CONFIG.client.client_id
    # Link to the Authentication blade of this app registration in the Azure portal
    aad_link = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Authentication/appId/" + client_id + "/isMSAApp/"
    return dict(
        claims_to_display=claims_to_display,
        # Absolute redirect URI built from the current request's scheme and host
        redirect_uri_external_link=request.build_absolute_uri(reverse(settings.AAD_CONFIG.django.auth_endpoints.redirect)),
        aad_link=aad_link,
    )
```
Upvotes: 0
Views: 4978
Reputation: 22222
AADSTS50011 - The reply URL specified in the request does not match the reply URLs configured for the application
CAUSE:
This error usually occurs when there is a mismatch between the reply URLs defined in the Azure portal and the reply URL the application is providing to Azure AD.
Azure AD only accepts saved reply URLs which are already defined in Azure Portal.
TO SOLVE:
To resolve this error, check (decode) the web address where you got an error while signing in.
For that, copy the URL of that Microsoft login page and paste it in notepad.
Observe the redirect URI and based on that, make sure to add that redirect URI in both code and in Azure portal registered URI.
Go to Azure Portal -> Azure AD -> App Registrations -> Your App -> Authentication -> Add a Platform -> Web
Check if you have redirect URI something like this -> https://yourappname.azurewebsites.net/signin-oidc for deployed azure web app.
For more information, go through the references below if they are helpful.
References:
How to authenticate in Django with Azure AD via django-microsoft-auth
https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url
Upvotes: 1
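The check described in the answer above (decode the sign-in URL, read its redirect URI, compare it with the registered ones) can be scripted. This is an added example, not part of the original answer or the Azure sample; the sign-in URL, `TENANT_ID`, `CLIENT_ID` and the registered list are constructed, and an exact string match is assumed.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the URL copied from the Microsoft sign-in page.
SAMPLE_SIGN_IN_URL = (
    "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize"
    "?client_id=CLIENT_ID&response_type=code"
    "&redirect_uri=https%3A%2F%2Fappname.azurewebsites.net%2Fauth%2Fredirect"
    "&scope=openid"
)
# Constructed sample: redirect URIs saved under App Registrations -> Authentication.
SAMPLE_REGISTERED = [
    "https://appname.azurewebsites.net/signin-oidc",
    "http://localhost:8000/auth/redirect",
]


def extract_redirect_uri(sign_in_url):
    """Return the percent-decoded redirect_uri parameter, or None if absent."""
    values = parse_qs(urlsplit(sign_in_url).query).get("redirect_uri")
    return values[0] if values else None


def diff_components(sent, registered):
    """Name the URL components in which the two redirect URIs differ."""
    a, b = urlsplit(sent), urlsplit(registered)
    return [name for name in ("scheme", "netloc", "path", "query")
            if getattr(a, name) != getattr(b, name)]


def check_redirect_uri(sign_in_url, registered_uris):
    """Compare the redirect URI the app sent with the registered ones."""
    sent = extract_redirect_uri(sign_in_url)
    if sent is None:
        return {"sent": None, "match": False, "differences": {}}
    # Assumption: a registered URI matches only if it is identical to the sent one.
    match = sent in registered_uris
    differences = {} if match else {
        reg: diff_components(sent, reg) for reg in registered_uris
    }
    return {"sent": sent, "match": match, "differences": differences}


if __name__ == "__main__":
    result = check_redirect_uri(SAMPLE_SIGN_IN_URL, SAMPLE_REGISTERED)
    print("sent by app:", result["sent"])
    print("registered match:", result["match"])
    for reg, parts in result["differences"].items():
        print(f"  {reg}: differs in {', '.join(parts)}")
```
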