'How to fix "AADSTS90102: 'redirect_uri' value must be a valid absolute Uri." error in Microsoft Graph
Following this procedure: https://docs.microsoft.com/en-us/graph/auth-v2-user
I'm trying to get a refresh token from this microsoft end point: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize
Using PostAsync method from System.Net.Http.HttpClient class from nuget (asp.net core 2.2) library, I'm able to get a response back with this error: "AADSTS90102: 'redirect_uri' value must be a valid absolute Uri.":
I tried to set some redirect url in the Azure Portal including:
https://automation.legroupeti.com/Configurations/GetRefreshToken/
https://automation.legroupeti.com/Configurations/GetRefreshToken
https://automation.legroupeti.com/
https://automation.legroupeti.com
The post request is the following (Using PostAsync method from System.Net.Http.HttpClient class from nuget (asp.net core 2.2)):
Here are the configured redirect urls form the registred application in the Azure Portal:
I expect a valid response from the endpoint. How do I configure the redirect_uri to be valid?
EDIT 1
I fixed the redirect_uri parameter.
Solution 1:[1]
You seem to be mixing the authorize and token endpoints.
If you want the user to authenticate, you have to redirect the user to that URL, not send a POST request to it. After the user returns to your app, you need to exchange the authorisation code for tokens. Documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-call-api-overview
If you want a token just for your app without user authentication, you need to call the token endpoint. Documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-overview
Solution 2:[2]
From the screenshot, it appears that the URLEncoding is incorrect. The '/' character in the path should be encoded to %2F, while your code has %2. (After '.com' and before 'Configurations'.)
Also, have you considered the Authorization Provider from the SDK? https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#AuthCodeProvider
Solution 3:[3]
I was getting this error and for me the issue was that I was encoding the redirect_uri
value in the post request to the /oauth2/v2.0/token
endpoint. Notice how redirect_uri
is not encoded in this request.
POST /{Tenant ID}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cookie: {cookie}
Content-Length: 941
client_id={Application (client) ID}
&scope=https://graph.microsoft.com/mail.read
&redirect_uri=http://localhost/myapp/
&grant_type=authorization_code
&client_secret={secret}
&code={code}
I used the Postman sample provided by Microsoft to find the root cause.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | |
Solution 2 | Paul Schaeflein |
Solution 3 |