Azure App Service error: AADSTS50011: The reply address 'https://<yourwebapp>.azurewebsites.net/signin-oidc' does not match the reply addresses configured for the application:

Overview

When you deploy an Azure Active Directory application that was working fine locally, you may get the following error when logging in:

AADSTS50011: The reply address 'https://<yourwebapp>.azurewebsites.net/signin-oidc' does not match the reply addresses configured for the application: 'c8a23e63-b4e3-4d10-9cf8-0fca55207424'. More details: not specified

With Azure App Service authentication (Easy Auth), the error refers to a different callback path:

AADSTS50011: The reply address 'https://<yourwebapp>/.auth/login/aad/callback' does not match the reply addresses configured for the application: 'c8a23e63-b4e3-4d10-9cf8-0fca55207424'. More details: not specified 

How to fix this

This error says it all! When you deploy your Active Directory web app to Azure, you need to add this URL to the Azure Active Directory application (or have someone with permission to manage your application in AD do this for you).

Go to the Azure portal (https://portal.azure.com), sign in, and click the Azure Active Directory icon on the left. Then click the ‘App registrations’ icon in the middle pane. In the search box, enter the application ID from the error message and choose ‘All apps’ from the dropdown:

Click on your application, then the Settings icon, and select ‘Reply URLs’ from the list. Paste in the reply URL from the error message you received and click ‘Save’.

Now you should be able to log in without that error message!
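
An added example (not from the original post): a small Python check that pulls the redirect_uri out of a sign-in request URL copied from the browser and shows how it differs from each registered reply URL. The sample request, host name and registered list are constructed, and exact string comparison is an assumption about how strictly the values must match.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: a sign-in request as copied from the browser address bar.
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/common/oauth2/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=id_token"
    "&redirect_uri=http%3A%2F%2Fyourwebapp.azurewebsites.net%2Fsignin-oidc"
)
# Constructed sample: reply URLs as listed on the app registration.
REGISTERED = [
    "https://localhost:44300/signin-oidc",
    "https://yourwebapp.azurewebsites.net/signin-oidc/",
]

def sent_redirect_uri(authorize_url):
    """Return the redirect_uri the app put in its sign-in request, or None."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    return values[0] if values else None

def explain_mismatch(sent, registered):
    """Return [] on an exact match, else (registered_url, differences) pairs."""
    if sent in registered:
        return []
    s, findings = urlsplit(sent), []
    for reg in registered:
        r, diffs = urlsplit(reg), []
        if s.scheme != r.scheme:
            diffs.append(f"scheme: {s.scheme} != {r.scheme}")
        if (s.hostname, s.port) != (r.hostname, r.port):
            diffs.append(f"host: {s.netloc} != {r.netloc}")
        if s.path != r.path:
            if s.path.rstrip("/") == r.path.rstrip("/"):
                kind = "trailing slash"
            elif s.path.lower() == r.path.lower():
                kind = "case"
            else:
                kind = "path"
            diffs.append(f"{kind}: {s.path} != {r.path}")
        findings.append((reg, diffs or ["other difference (query or fragment)"]))
    return findings

if __name__ == "__main__":
    sent = sent_redirect_uri(SAMPLE_REQUEST)
    print("sent:", sent)
    for reg, diffs in explain_mismatch(sent, REGISTERED):
        print(f"  vs {reg}: " + "; ".join(diffs))
```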

Conclusion

Just a quick blog but I hope it saves you some time!

Comments

  • Anonymous
    March 18, 2018
    The http://.azurewebsites.net/signin-oidc is the URL that Azure AD will return an authorization code and/or token to, correct? If so, why does it allow for this over http and not force https?
    • Anonymous
      March 20, 2018
      This is from ADAL not Azure AD. That is simply the design of the library.
  • Anonymous
    July 26, 2018
    Hi Jeff, We are integrating Salesforce with Power BI. Facing below issue: AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '3d6e8944-5ce8-4c93-8c08-fd626ff05cf6'. As per your blog I understood how to fix this issue. But I don't have access to Azure Active Directory. Queries: 1) Only administrator of that directory can add reply url. 2) If for suppose administrator has included me in that directory. Can I view directory home page with read access. 3) We have registered application in "https://dev.powerbi.com/apps". The same application do we need install/register in Azure Active Directory by providing reply url. Please correct me if I am wrong. Thanks in advance. Regards, Naveen
    • Anonymous
      August 02, 2018
      Hi Naveen, You need appropriate permissions in your subscription to make these changes. That can be assigned as a role by the subscription admin or owner. I do not know how Power BI registration works, but I assume it is registered in the tenant and so you can apply the same logic in this blog to the Power BI apps.