Bug report: Browser login error: The redirect URI specified in the request does not match the redirect URIs configured for the application #6399

Open
daviewales opened this issue Oct 2, 2024 · 2 comments

daviewales commented Oct 2, 2024

Priority

(Medium) I'm annoyed but I'll live

Skip to the end for a workaround.

Description

I've set up a new Entra App Registration as described in the docs.

I've then run m365 setup, and configured it to use interactive login.

When I run m365 login, my browser opens a tab at https://login.microsoftonline.com, but I get an error stating that the redirect URI specified in the request does not match the redirect URI configured for the application.

Steps to reproduce

I have confirmed that all the app registration configuration settings exactly match the description in the documentation:
https://pnp.github.io/cli-microsoft365/user-guide/using-own-identity/#configure-authentication-settings

The platform is Mobile and Desktop Applications.

The redirect URI is set to:
https://login.microsoftonline.com/common/oauth2/nativeclient

And Allow Public Client flows is set to 'Yes'.

I have tried selecting a bunch of different options in m365 setup, but I always end up in the same place, with the non-matching redirect URI error above.

Expected results

I expect the login to succeed.

Actual results

Error:

AADSTS50011: The redirect URI 'http://localhost:58946' specified in the request does not match the redirect URIs configured for the application 'abc-123-example'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

Diagnostics

m365 login --authType browser --debug
Executing command login with options {"options":{"output":"json","debug":true,"verbose":false,"authType":"browser","cloud":"Public"}}
Executing command as 'user@example.com', appId: abc-123-example, tenantId: xyz-456-example
Logging out from Microsoft 365...
Signing in to Microsoft 365...
No token found for resource https://graph.microsoft.com.
[Wed, 02 Oct 2024 01:49:15 GMT] : [] : @azure/msal-node@2.13.1 : Info - getTokenCache called
[Wed, 02 Oct 2024 01:49:15 GMT] : [] : @azure/msal-common@14.14.2 : Info - CacheManager:getIdToken - Returning ID token
Retrieving new access token using interactive browser session...
Redirect URL:
https://login.microsoftonline.com/xyz-456-example/oauth2/authorize?response_type=code&client_id=abc-123-example&redirect_uri=http://localhost:59779&state=123456&resource=https://graph.microsoft.com&prompt=select_account

To sign in, use the web browser that just has been opened. Please sign-in there.

CLI for Microsoft 365 version

v9.0.0

nodejs version

bun.sh: 1.1.20

Operating system (environment)

Windows

Shell

PowerShell

cli doctor

{
  "os": {
    "platform": "win32",
    "version": "Windows 11 Pro",
    "release": "10.0.22631"
  },
  "cliVersion": "9.0.0",
  "nodeVersion": "v22.3.0",
  "cliAadAppId": "7228c4a0-e110-4966-9886-ba018d4aab45",
  "cliAadAppTenant": "single",
  "authMode": "deviceCode",
  "cliEnvironment": "",
  "cliConfig": {
    "autoOpenLinksInBrowser": false,
    "copyDeviceCodeToClipboard": false,
    "output": "json",
    "printErrorsAsPlainText": false,
    "prompt": false,
    "showHelpOnFailure": false,
    "showSpinner": false,
    "helpMode": "options",
    "authType": "browser",
    "clientId": "7228c4a0-e110-4966-9886-ba018d4aab45",
    "tenantId": "5722662b-7985-4a0d-8868-deee2e111dcd",
    "clientSecret": "",
    "clientCertificateFile": "",
    "clientCertificateBase64Encoded": "",
    "errorOutput": "stdout"
  },
  "roles": [],
  "scopes": {
    "https://graph.microsoft.com": [
      "User.Read",
      "profile",
      "openid",
      "email"
    ]
  }
}

Additional Info

Workaround

I can successfully log in if I force it to use deviceCode login rather than browser login. This works:

m365 login --authType deviceCode

This doesn't work (and is also the default when using m365 login):

m365 login --authType browser
@daviewales daviewales added the bug label Oct 2, 2024
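
Added example (not part of the issue thread and not the CLI's own code): a small Node.js check that pulls `redirect_uri` out of the authorize URL in the debug output above and compares it with the redirect URI registered on the app. It assumes exact string matching, except that the port is ignored for `http` loopback URIs as RFC 8252 section 7.3 describes; the function names are hypothetical.

```javascript
// Added example; function names are hypothetical, sample values come from the issue text.
// Assumption: redirect URIs are matched as exact strings, except that the port is
// ignored for http loopback URIs (RFC 8252 section 7.3).
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1']);

function isLoopback(url) {
  return url.protocol === 'http:' && LOOPBACK_HOSTS.has(url.hostname);
}

// Extract the redirect_uri query parameter from an authorize request URL.
function requestedRedirectUri(authorizeUrl) {
  const value = new URL(authorizeUrl).searchParams.get('redirect_uri');
  if (!value) throw new Error('authorize URL has no redirect_uri parameter');
  return value;
}

// True when the requested URI would be accepted for one registered URI.
function redirectUriMatches(requested, registered) {
  let req, reg;
  try {
    req = new URL(requested);
    reg = new URL(registered);
  } catch {
    return false; // not an absolute URI
  }
  if (isLoopback(req) && isLoopback(reg)) {
    return req.hostname === reg.hostname && req.pathname === reg.pathname;
  }
  return requested === registered;
}

// Report which registered URI (if any) covers the request.
function checkRedirect(authorizeUrl, registeredUris) {
  const requested = requestedRedirectUri(authorizeUrl);
  const matchedBy = registeredUris.find((r) => redirectUriMatches(requested, r)) ?? null;
  return { requested, matchedBy, wouldFail: matchedBy === null };
}

// Authorize URL from the --debug output and the redirect URI from the app registration.
const AUTHORIZE_URL = 'https://login.microsoftonline.com/xyz-456-example/oauth2/authorize' +
  '?response_type=code&client_id=abc-123-example&redirect_uri=http://localhost:59779' +
  '&state=123456&resource=https://graph.microsoft.com&prompt=select_account';
const REGISTERED = ['https://login.microsoftonline.com/common/oauth2/nativeclient'];

console.log(checkRedirect(AUTHORIZE_URL, REGISTERED));
// { requested: 'http://localhost:59779', matchedBy: null, wouldFail: true }
```
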
@milanholemans
Contributor

Hi @daviewales, sorry to hear that CLI is not working properly for you.
Just to fully understand the issue, is this what you did?

  1. Create Entra application registration by hand
  2. Run m365 cli setup, choose existing app registration & interactive scripting
  3. Run m365 login

This results in an error?

@daviewales
Author

Yes, that's exactly right.
I can get it to work if I use --authType deviceCode. But I get the error if I use the default browser login.
