Error AADSTS50011 with OpenID authentication: The redirect URI specified in the request does not match

This article describes a problem in which an AADSTS50011 error message is returned when you try to sign in to an application that uses OpenID Connect (OIDC)-based authentication with Azure Active Directory (Azure AD).

Symptoms

You receive the following error message when you try to sign in to an application that uses OIDC or OAuth2 authentication protocols with Azure AD:

Error AADSTS50011 – The redirect URI <Redirect URI> specified in the request does not match the redirect URIs configured for the application <AppGUID>. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

Cause

This error occurs if the redirect URI (reply URL) configured in the application (code) and the Azure AD app registration don’t match.

When a user accesses the application for authentication, the application redirects the user to Azure AD with a predefined redirect URI. Once the user is authorized successfully, Azure AD verifies the following values:

  • The redirect URI sent from the application
  • The redirect URI values in the registered application in Azure AD

If the redirect URI the application sent doesn’t match any of the redirect URIs in Azure AD, error AADSTS50011 will be returned. If the values match, Azure AD sends the user to the redirect URI.

Resolution

To fix the issue, follow these steps to add a redirect URI to the Azure AD app registration.

  • Copy the application ID from the error message. This is the ID of your application that has been registered in Azure AD.

  • Go to the Azure portal. Make sure you sign in to the portal by using an account that has permission to update the Azure AD application registration.
  • Navigate to Azure Active Directory, select App registrations, locate the application registration by using the application ID, and then open the app registration page. You can also open the page directly by using the following links:
    • If this app is owned by an organization (Azure AD tenant), use https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Authentication/appId/<AppGUID>.
    • If this app is owned by your personal Microsoft (MSA) account, use https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Authentication/appId/<AppGUID>/isMSAApp/true.
  • On the app registration page, select Authentication. In the Platform configurations section, select Add URI to add the redirect URI displayed in the error message to Azure AD.

  • Save the changes and wait three to five minutes for the changes to take effect, and then send the login request again. You should now be able to sign in to the application. If you don’t see the Azure AD login page, try clearing the password cache from your browser or use InPrivate browsing.
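
The comparison described under Cause can be reproduced offline before the app registration is changed. The following is an added example, not code from the original article or from Microsoft: it extracts `redirect_uri` from a captured sign-in request and reports how it differs from each registered URI. It assumes an exact string comparison, and the sample request, client ID and registered URIs are constructed placeholders.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: a captured sign-in request and the URIs assumed to be
# listed under Authentication in the app registration (placeholders throughout).
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code&scope=openid"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fsignin-oidc%2F"
)
REGISTERED = ["https://app.example.com/signin-oidc", "http://localhost:5000/signin-oidc"]

def redirect_uri_from_request(authorize_url):
    """Return (client_id, redirect_uri) from an authorization request URL."""
    query = parse_qs(urlsplit(authorize_url).query)
    return query.get("client_id", [None])[0], query.get("redirect_uri", [None])[0]

def explain_mismatch(sent, registered):
    """Name the URI components in which `sent` differs from one registered URI."""
    s, r = urlsplit(sent), urlsplit(registered)
    diffs = []
    if s.scheme != r.scheme:
        diffs.append("scheme")
    if s.hostname != r.hostname:
        diffs.append("host")
    if s.port != r.port:
        diffs.append("port")
    if s.path != r.path:
        if s.path.rstrip("/") == r.path.rstrip("/"):
            diffs.append("trailing slash")
        elif s.path.lower() == r.path.lower():
            diffs.append("path case")
        else:
            diffs.append("path")
    if s.query != r.query:
        diffs.append("query")
    return diffs or ["other (letter case of host, fragment)"]

def diagnose(authorize_url, registered_uris):
    """Return (matched, report); report maps each registered URI to its differences."""
    _, sent = redirect_uri_from_request(authorize_url)
    if sent in registered_uris:  # assumption: exact string comparison
        return True, {}
    if sent is None:
        return False, {}
    return False, {uri: explain_mismatch(sent, uri) for uri in registered_uris}

if __name__ == "__main__":
    print(diagnose(SAMPLE_REQUEST, REGISTERED))
```

A near-miss such as a trailing slash or `http` versus `https` is usually better corrected in the application's configuration than by registering another URI; register the URI from the error message only if it is an address your application actually serves.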


Neha Thakur

Professional editor of WindowsTechno who has been working in the software industry for more than 5 years. Focusing on solving Windows client OS, iPhone, and Android problems, the online articles have helped millions of users.
