1

I'm in the following situation: I have a nodejs application that uses the azure active folder authentication system through the passport-azure-ad module.

At the moment my reply url, the url that I registered on my portal and that I have set as redirectUrl in my passport strategy configuration, is https://localhost:3000/microsoft/auth. Everything works when I go through the authentication process from the machine that runs the server, but obviously fails from any other device after I sign in with my microsoft account and https://localhost:3000/microsoft/auth gets returned(to be more precise, the authentication goes well but the returned page doesn't load for obvious reasons).

If I change the redirectUrl in my passport strategy(I'm using OIDCStrategy) configuration to where the server is running, e.g. https://machine.that.runs.the.server:3000/microsoft/auth without first registering the url on the azure portal I get an error related to the reply/redirect url mismatching when I try to authenticate.

The reason why I don't want to register https://machine.that.runs.the.server:3000/microsoft/auth on the portal it's because I would like to be able to run the server from any machine and have any other machine connect to it and be correctly redirected after the authentication process, or at least on any machine in my office internal network.

So what I'm asking is if there is a way to either remove the reply/redirect url check or to have some kind of dynamic redirectUrl option where I can set the reply URL in my request. If none of those two can be done I would like to know if there is a way to register a reply URL from the portal that works for all the machines in my network like 10.3.144.x:3000/microsoft/auth.

Thanks in advance.

user3170923
  • 23
  • 5

1 Answers1

0

The wildcard approach could stop working anytime from now, since it's not available in the new version of the "App Registrations" part of the Azure Portal.

Jon commented about it below.
Another resource : https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Azure-AD-App-with-wild-card-reply-urls/m-p/305955/highlight/true#M2434

Which points to a SO thread providing insight on how to avoid using wildcards : Why is Redirect URL Fully Qualified in Azure AD B2C?

!Have you tried the wildcard approach described here ? https://paulryan.com.au/2016/azure-ad-app-wildcard-reply-url/

!It would mean declaring https://*/microsoft/auth (or https://*:3000/microsoft/auth, I'm not sure) in your Azure portal. I can confirm wildcards work in reply URLs: I use them.

Community
  • 1
  • 1
Christophe Cadilhac
  • 135
  • 1
  • 8
  • Wildcards are no longer supported in the new version of App registration currently in preview so do not depend on being able to use them in the near future. – Jon Feb 19 '19 at 12:57
  • Thanks for the heads-up @Jon. Do you have any link to a Microsoft announcement on this preview ? – Christophe Cadilhac Feb 20 '19 at 13:12
  • I found this out through the azure portal itself whilst setting one up. If you look in the active directory section you will see the preview version listed under the current one. When adding a reply URL it will list the criteria it must adhere to one of which is no wildcard characters. – Jon Feb 20 '19 at 22:32