To sign in a user, your application must send a login request to the Microsoft Entra authorization endpoint, with a redirect URI specified as a parameter. The redirect URI is a critical security feature that ensures the Microsoft Entra authentication server only sends authorization codes and access tokens to the intended recipient.
Prerequisites
Add a redirect URI
A redirect URI is where the Microsoft identity platform sends security tokens after authentication. Redirect URIs are configured in Platform configurations in the Microsoft Entra admin center. For Web and Single-page applications, you need to specify a redirect URI manually. For Mobile and desktop platforms, you select from generated redirect URIs.
Follow these steps to configure settings based on your target platform or device:
1. In the Microsoft Entra admin center, in App registrations, select your application.
2. Under Manage, select Authentication.
3. Under Platform configurations, select Add a platform.
4. Under Configure platforms, select the tile for your application type (platform) to configure its settings.

Platform: Web
Configuration settings: Enter the Redirect URI for a web app that runs on a server. Front channel logout URLs can also be added.
Example:
Node.js:
• http://localhost:3000/auth/redirect
ASP.NET Core:
• https://localhost:7274/signin-oidc
• https://localhost:7274/signout-callback-oidc (Front-channel logout URL)
Python:
• http://localhost:3000/getAToken

Platform: Single-page application
Configuration settings: Enter a Redirect URI for client-side apps using JavaScript, Angular, React.js, or Blazor WebAssembly. Front channel logout URLs can also be added.
Example:
JavaScript, React:
• http://localhost:3000
Angular:
• http://localhost:4200/

Platform: iOS / macOS
Configuration settings: Enter the app Bundle ID, which generates a redirect URI for you. Find it in Build Settings or in Xcode in Info.plist.
Example:
Workforce tenant:
• com.<yourname>.identitysample.MSALMacOS
External tenant:
• com.microsoft.identitysample.ciam.MSALiOS

Platform: Android
Configuration settings: Enter the app Package name, which generates a redirect URI for you. Find it in the AndroidManifest.xml file. Also generate and enter the Signature hash.
Example:
Kotlin:
• com.azuresamples.msaldelegatedandroidkotlinsampleapp
.NET MAUI:
• msal{CLIENT_ID}://auth
Java:
• com.azuresamples.msalandroidapp

Platform: Mobile and desktop applications
Configuration settings: Select this platform for desktop apps or mobile apps not using MSAL or a broker. Select a suggested Redirect URI, or specify one or more Custom redirect URIs.
Example:
Embedded browser desktop app:
• https://login.microsoftonline.com/common/oauth2/nativeclient
System browser desktop app:
• http://localhost

5. Select Configure to complete the platform configuration.
Redirect URI restrictions
There are some restrictions on the format of the redirect URIs you add to an app registration. For details about these restrictions, see Redirect URI (reply URL) restrictions and limitations.
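The following Python audit is an added example, not part of Microsoft's documentation. It reviews the redirect URIs of an app registration before release. It assumes the registration has been exported as a dictionary using the `web`, `spa` and `publicClient` `redirectUris` properties of the Microsoft Graph application object; the sample data, the `contoso.example` hosts and the finding labels are constructed, and the checks are general OAuth redirect hygiene rules, not the full list of Entra restrictions.

```python
from urllib.parse import urlsplit

# Constructed sample shaped like a Microsoft Graph application object.
# localhost values are from the table above; contoso.example ones are invented.
SAMPLE_APP = {
    "web": {"redirectUris": [
        "https://localhost:7274/signin-oidc",
        "http://localhost:3000/getAToken",
        "http://app.contoso.example/auth/redirect",
        "https://*.contoso.example/signin-oidc"]},
    "spa": {"redirectUris": [
        "http://localhost:4200/",
        "https://spa.contoso.example/#/callback"]},
    "publicClient": {"redirectUris": [
        "https://login.microsoftonline.com/common/oauth2/nativeclient",
        "msal00000000-0000-0000-0000-000000000000://auth"]},
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_uri(platform, uri):
    """Return the list of findings for one redirect URI (empty if clean)."""
    parts, findings = urlsplit(uri), []
    if "*" in uri:
        # A wildcard can match hosts or paths the application owner does not control.
        findings.append("wildcard")
    if "#" in uri:
        # RFC 6749 forbids a fragment component in a redirect URI.
        findings.append("fragment")
    if parts.scheme == "http":
        # Cleartext is tolerable only on the loopback interface during development.
        findings.append("loopback-http" if parts.hostname in LOOPBACK else "cleartext-http")
    elif parts.scheme != "https" and platform != "publicClient":
        # Custom schemes belong to mobile and desktop (public client) platforms.
        findings.append("custom-scheme")
    return findings

def audit_app(app):
    """Map (platform, uri) to findings for every URI that has at least one."""
    report = {}
    for platform in ("web", "spa", "publicClient"):
        for uri in (app.get(platform) or {}).get("redirectUris") or []:
            findings = audit_uri(platform, uri)
            if findings:
                report[(platform, uri)] = findings
    return report

if __name__ == "__main__":
    for (platform, uri), findings in audit_app(SAMPLE_APP).items():
        print(f"{platform:12} {', '.join(findings):16} {uri}")
```

A `loopback-http` finding is expected on a development registration; on a production registration it marks a leftover entry to remove.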