How to configure API for Web app

it_admin 0 Reputation points
2025-10-23T06:38:30.6066667+00:00

I am trying to configure authentication using an API for my web app, but it keeps telling me I have an issue with the redirection URL.

Azure App Service

1 answer

  1. Ravi Teja M 540 Reputation points
    2025-10-23T07:40:51.06+00:00

    Hello,

    A redirection Uniform Resource Identifier (URI) mismatch error occurs because the URL specified in your web application's authentication request does not precisely match one of the redirect URIs registered with your Identity Provider (IdP), such as Microsoft Entra ID or Google. This is a critical security feature to prevent attackers from using your app to redirect user tokens to a malicious website. 

    Here are the most common causes for a redirection URL error and steps to troubleshoot the issue.

    1. The redirect URI does not match exactly

    An authentication provider validates redirect URIs with an exact string comparison. Even a single character difference—such as a missing slash or mismatched case—will cause the authentication request to fail. 

    To get and configure a redirect URI for a Microsoft provider, you need to use the Microsoft Entra admin center (formerly Azure Active Directory). The redirect URI, or reply URL, is the endpoint where the Microsoft identity platform sends security tokens after a user has authenticated. 

    Here is a step-by-step guide on how to get and register the redirect URI for your web application.

    Step 1: Register your application in Microsoft Entra ID

    1. Sign in to the Microsoft Entra admin center with an account that has permission to manage app registrations.
    2. In the left navigation panel, go to Identity > Applications > App registrations.
    3. Click New registration.
    4. Enter a display Name for your application.
    5. Specify who can use this application by selecting a Supported account type.

    Step 2: Add the redirect URI

    1. On the "Register an application" page, locate the Redirect URI (optional) section.
    2. From the dropdown menu, select the platform type for your web app: Web, Single-page application (SPA), or Mobile and desktop applications.
    3. Enter the URL where your application is running. For a web app, this would be a public endpoint like https://contoso.com/auth-response. For local development, you can use a loopback address like https://localhost:3000.
    4. Click Register to create the application registration. 

    Step 3: View and manage your redirect URIs

    1. After registration, you will be taken to your application's overview page.
    2. In the left navigation menu, under "Manage," select Authentication.
    3. Under the "Platform configurations" section, you can view, add, or edit your redirect URIs.
    4. Click Add a platform to add another redirect URI for a different environment (e.g., development, staging, or production). 

    Best practices and limitations

    • Use https: For all production web apps, redirect URIs must begin with https, with the exception of localhost URIs used for development.
    • Case-sensitive: Redirect URIs are case-sensitive and must match the URL path of your running application exactly.
    • Avoid wildcards: Although wildcards are sometimes supported for single-tenant apps, they are a security risk. It's recommended to register specific, absolute URIs.
    • Separate registrations: For development and production, use separate app registrations to avoid accidentally exposing development URIs in your production environment. 

    Regards,

    Raviteja M.
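
Added example (not part of the answer above and not Microsoft's code): a Python sketch that mirrors the exact string comparison the answer describes, reports which part of a requested redirect URI differs from the closest registered one, and flags registrations that go against the listed best practices. The function names, the loopback host set and the sample URIs are assumptions; nothing here calls Entra ID.

```python
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}  # assumption: hosts treated as local development


def explain_mismatch(requested, registered):
    """Name the parts of `requested` that differ from one registered URI."""
    req, reg = urlsplit(requested), urlsplit(registered)
    diffs = []
    if req.scheme != reg.scheme:
        diffs.append("scheme")
    if req.netloc != reg.netloc:
        same_host = req.netloc.lower() == reg.netloc.lower()
        diffs.append("host case" if same_host else "host or port")
    if req.path != reg.path:
        if req.path.rstrip("/") == reg.path.rstrip("/"):
            diffs.append("trailing slash")
        elif req.path.lower() == reg.path.lower():
            diffs.append("path case")
        else:
            diffs.append("path")
    if req.query != reg.query:
        diffs.append("query string")
    return diffs


def check_redirect_uri(requested, registered_uris):
    """Exact string match; on failure return the closest registration and why it differs."""
    if requested in registered_uris:
        return True, None, []
    if not registered_uris:
        return False, None, ["no redirect URIs registered"]
    closest = min(registered_uris, key=lambda uri: len(explain_mismatch(requested, uri)))
    return False, closest, explain_mismatch(requested, closest)


def lint_registered_uri(uri):
    """Flag a registration that is not https (loopback excepted) or uses a wildcard."""
    findings = []
    parts = urlsplit(uri)
    if parts.scheme != "https" and parts.hostname not in LOOPBACK_HOSTS:
        findings.append("not https")
    if "*" in uri:
        findings.append("wildcard")
    return findings


if __name__ == "__main__":
    # Constructed sample data, reusing the URIs from the answer.
    registered = ["https://contoso.com/auth-response", "https://localhost:3000"]
    print(check_redirect_uri("https://contoso.com/auth-response/", registered))
```

Pass it the `redirect_uri` value your app actually sends in the sign-in request and the list shown under Authentication in the app registration.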
