How to configure HTTPS in redirect url?

[ian-cahila-maersk]

I tried deploying my app using Azure App Service, enabled HTTPS and the authentication is not working anymore. It shows the error below,

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '39b42c18-bab8-41cf-9a83-2329ba9b1dd2'.

I found out that the cause of the error was that the url I specified on the App Registrations is not the same with the redirect_url included in the link being constructed by msal. And I tried checking msal's code trying to understand how the url is being constructed and I saw this,

Image snipped from application.py

I'd like to ask help on how can I make this https instead of http? Thanks in advance for the insights.

[rayluo]

Sounds like your app is using acquire_token_interactive(), but that method is meant to be used by scripts/apps running in your local desktop. If you are going to deploy your app elsewhere, it is probably a web app and you'd need to use acquire_token_by_auth_code_flow(). Please refer to the samples in our map of "Scenarios supported".

[ian-cahila-maersk]

I'm using initiate_auth_code_flow, so is it any different? Btw, I have a workaround, I have explicitly changed the protocol for production use. I guess this will work. Tho I have encountered an error which I will raise in a different thread. Thanks!

[rayluo]

I'm using initiate_auth_code_flow, so is it any different?

Your earlier "Image snipped from application.py" was only from acquire_token_interactive(). I thought you had debugged it and traced it to there. Perhaps next time you can start your question by disclosing which sample you started your project with. :-)

Now it seems like you were implementing a web app (and our corresponding sample is available here). You are using initiate_auth_code_flow() and acquire_token_by_auth_code_flow() in pairs. In such a case, the redirect_uri is configured by app developer, MSAL does not make any change or pre-assumption (unlike MSAL does during acquire_token_interactive()). You may refer to the README of the aforementioned sample on how to configure the redirect_uri. And yes, your configuration in app needs to match your registration in Azure Portal.

[ian-cahila-maersk]

Oh my bad. I just had the idea that MSAL is using http and wanted to clarify that. I totally understood your point. As for the configuration, I already found the right configuration. Thanks for the insights!

[rayluo]

Quoting the answer from the conversation, so that we can mark it as the correct answer to help future audience.

Perhaps next time you can start your question by disclosing which sample you started your project with. :-)

Now it seems like you were implementing a web app (and our corresponding sample is available here). You are using initiate_auth_code_flow() and acquire_token_by_auth_code_flow() in pairs. In such a case, the redirect_uri is configured by app developer, MSAL does not make any change or pre-assumption (unlike MSAL does during acquire_token_interactive()). You may refer to the README of the aforementioned sample on how to configure the redirect_uri. And yes, your configuration in app needs to match your registration in Azure Portal.