2
votes

Following this procedure: https://docs.microsoft.com/en-us/graph/auth-v2-user

I'm trying to get a refresh token from this Microsoft endpoint: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize

Using PostAsync method from System.Net.Http.HttpClient class from nuget (asp.net core 2.2) library, I'm able to get a response back with this error: "AADSTS90102: 'redirect_uri' value must be a valid absolute Uri.": https://i.imgur.com/LhP5kYf.png

I tried to set some redirect URLs in the Azure Portal, including:

https://automation.legroupeti.com/Configurations/GetRefreshToken/
https://automation.legroupeti.com/Configurations/GetRefreshToken
https://automation.legroupeti.com/
https://automation.legroupeti.com

The post request is the following (Using PostAsync method from System.Net.Http.HttpClient class from nuget (asp.net core 2.2)): https://i.imgur.com/PI4mo8Y.png

Here are the configured redirect URLs from the registered application in the Azure Portal: https://i.imgur.com/aqYDJhn.png

I expect a valid response from the endpoint. How do I configure the redirect_uri to be valid?

EDIT 1

I fixed the redirect_uri parameter.


3 Answers

2
votes

You seem to be mixing the authorize and token endpoints.

If you want the user to authenticate, you have to redirect the user to that URL, not send a POST request to it. After the user returns to your app, you need to exchange the authorisation code for tokens. Documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-call-api-overview

If you want a token just for your app without user authentication, you need to call the token endpoint. Documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-overview

2
votes

From the screenshot, it appears that the URLEncoding is incorrect. The '/' character in the path should be encoded to %2F, while your code has %2. (After '.com' and before 'Configurations'.)

Also, have you considered the Authorization Provider from the SDK? https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#AuthCodeProvider

0
votes

I was getting this error, and for me the issue was that I was encoding the redirect_uri value in the POST request to the /oauth2/v2.0/token endpoint. Notice how redirect_uri is not encoded in this request.

POST /{Tenant ID}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cookie: {cookie}
Content-Length: 941

client_id={Application (client) ID}
&scope=https://graph.microsoft.com/mail.read
&redirect_uri=http://localhost/myapp/
&grant_type=authorization_code
&client_secret={secret}
&code={code}

I used the Postman sample provided by Microsoft to find the root cause.

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-access-token
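
The two steps the answers above describe, as an added example that is not part of any answer and not Microsoft's sample code: the authorize endpoint is reached by a browser redirect with each query value encoded once, and the code is then redeemed with a POST to the token endpoint where FormUrlEncodedContent does the encoding. The class and method names are hypothetical, and the tenant, client id, secret and redirect URI are supplied by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;

// Added example: class and method names are hypothetical, all values come from the caller.
public static class AuthCodeFlowExample
{
    static string Authority(string tenantId) =>
        "https://login.microsoftonline.com/" + Uri.EscapeDataString(tenantId) + "/oauth2/v2.0";

    // Step 1: send the browser to this URL (HTTP redirect / GET); it is never POSTed to.
    public static string BuildAuthorizeUrl(string tenantId, string clientId, string redirectUri, string scope, string state)
    {
        RequireAbsoluteHttp(redirectUri);
        // Each value is percent-encoded exactly once, so '/' in redirect_uri becomes %2F.
        return Authority(tenantId) + "/authorize"
            + "?client_id=" + Uri.EscapeDataString(clientId)
            + "&response_type=code"
            + "&redirect_uri=" + Uri.EscapeDataString(redirectUri)
            + "&response_mode=query"
            + "&scope=" + Uri.EscapeDataString(scope)   // add offline_access to receive a refresh token
            + "&state=" + Uri.EscapeDataString(state);  // random per request; compare when the user returns
    }

    // Step 2: after the user returns with ?code=..., redeem it at the token endpoint.
    public static async Task<string> RedeemCodeAsync(HttpClient http, string tenantId, string clientId,
        string clientSecret, string redirectUri, string scope, string code)
    {
        RequireAbsoluteHttp(redirectUri);
        // Pass raw values: FormUrlEncodedContent encodes them once; pre-encoding would double-encode.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["scope"] = scope,
            ["code"] = code,
            ["redirect_uri"] = redirectUri,             // same value as in step 1 and in the app registration
            ["grant_type"] = "authorization_code",
            ["client_secret"] = clientSecret,
        });
        using (var response = await http.PostAsync(Authority(tenantId) + "/token", form))
            return await response.Content.ReadAsStringAsync(); // JSON body with tokens or an AADSTS error
    }

    static void RequireAbsoluteHttp(string redirectUri)
    {
        if (!Uri.TryCreate(redirectUri, UriKind.Absolute, out var u)
            || (u.Scheme != Uri.UriSchemeHttps && u.Scheme != Uri.UriSchemeHttp))
            throw new ArgumentException("redirect_uri must be an absolute http(s) URI", nameof(redirectUri));
    }
}
```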