Azure function with Azure Active Directory aad failed with incorrect reply url

Question

I am trying to secure the Azure functions using Azure Active Directory following the note.

When the link https://xxxfunction1.azurewebsites.net/api/function1 is entered, the browser redirects to AAD:

https://login.microsoftonline.com/[tenent]/oauth2/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Fxxxfunction1.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=[client_id]&scope=openid+profile+email&response_mode=form_post&nonce=[nonce]state=redir%3D%252Fapi%252Ffunction1

and the error returns:

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application

The platform configurations in the AAD client:

The Authentication & Authorization in Azure function xxxfuntion1 is configured to AzureAD client xxxfunction1app:

The same error with Advanced mode:

Any idea why it says the error on the reply URL please?

No app config. Currently I am run xxxfunction1.azurewebsites.net/api/function1 from Chrome. — beewest
It seems the URL in the portal is correct. I will try to follow the link to reproduce the error later. — Pamela Peng
Hi @beewest,Please remove dot before auth in the url(i.e.,/.auth) of both app registration and code.Then please let us know the update — Hari Krishna

Carl Zhao Carl Zhao · Accepted Answer · 2020-12-18T08:04:49

Your error is very simple. Your redirect_uri is decoded as: https://xxxfunction1.azurewebsites.net/.auth/login/aad/callback, but you configure the redirect_uri in the AAD client as:https://xxxfunction1.azurewebsites.net/.auth/login/aad/callcack, so the response url does not match error, you only need to change callcack to callback.

Azure function with Azure Active Directory aad failed with incorrect reply url

2 Answers