
After upgrading to MS Graph V.5, I'm trying to make requests on behalf of the signed-in user. As per the official documentation, this has to be using the AuthorizationCodeProvider. I keep getting the error: `AADSTS500112: The reply address 'https://replyUrlNotSet' does not match the reply address 'https://localhost:44345/' provided when requesting Authorization code.` I could not find a way to define the redirectUri while initializing the graph client, so I'm stuck here and cannot make any call on behalf of the user.

Details:

I created a new WebForm Web application (.NET Framework), and I enabled the Microsoft Identity. Then I added the package Microsoft.Graph to do a test.

First I initialized the GraphServiceClient using a Client credentials provider (on behalf of app) and it works.

Then I wanted to call on behalf of the signed user, but

        var scopes = new[] { "User.Read" };

        // Multi-tenant apps can use "common",
        // single-tenant apps must use the tenant ID from the Azure portal
        var tenantId = ConfigurationManager.AppSettings["ida:TenantId"];

        // Values from app registration
        var clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        var clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];

        // For authorization code flow, the user signs into the Microsoft
        // identity platform, and the browser is redirected back to your app
        // with an authorization code in the query parameters
        var authorizationCode = ClaimsPrincipal.Current.FindFirst(Constants.ClaimAuthorizationCode)?.Value; 

        // using Azure.Identity;
        var options = new TokenCredentialOptions
        {
            AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
            
        };

        // https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
        var authCodeCredential = new AuthorizationCodeCredential(
            tenantId, clientId, clientSecret, authorizationCode, options);

        var graphClient = new GraphServiceClient(authCodeCredential, scopes);
        var user = await graphClient.Me.GetAsync((requestConfiguration) =>
        {
            requestConfiguration.QueryParameters.Select = new string[] { AAD_SELECT_QUERY_FIELDS };
        });
omarmallat

1 Answer


The reply URL should match with one of the configured redirect URLs in your app registration.

Developer
  • There is no parameter to specify the redirect URL, therefore the error says that I didn't specify it: `https://replyUrlNotSet` – omarmallat Mar 14 '23 at 05:13
  • Yes, there is. Attach `new AuthorizationCodeCredentialOptions() { RedirectUri = new Uri("https://...."), }` – Peter Ivan May 26 '23 at 08:44
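
The fix from the last comment, written out as an added example (not code from the question or the answer). It passes `AuthorizationCodeCredentialOptions.RedirectUri` to the credential and checks the configured value first; the `ida:RedirectUri` appSettings key, the class and method names, and the selected fields are assumptions.

```csharp
using System;
using System.Configuration;
using System.Threading.Tasks;
using Azure.Identity;
using Microsoft.Graph;
using Microsoft.Graph.Models;

public static class GraphOnBehalfOfUser
{
    // "ida:RedirectUri" is an assumed key. Its value must be the same URI the
    // sign-in request sent (https://localhost:44345/ in the error above) and
    // must be registered as a redirect URI on the app registration.
    public static Uri LoadRedirectUri()
    {
        var raw = ConfigurationManager.AppSettings["ida:RedirectUri"];
        if (!Uri.TryCreate(raw, UriKind.Absolute, out var uri))
            throw new ConfigurationErrorsException("ida:RedirectUri must be an absolute URI.");
        // Plain http is tolerated only for loopback development hosts.
        if (uri.Scheme != Uri.UriSchemeHttps && !uri.IsLoopback)
            throw new ConfigurationErrorsException("ida:RedirectUri must use https.");
        return uri;
    }

    // Create one client per sign-in and reuse it: an authorization code can be
    // redeemed only once, so a second credential built from the same code fails.
    public static GraphServiceClient Create(string authorizationCode)
    {
        if (string.IsNullOrEmpty(authorizationCode))
            throw new ArgumentException("No authorization code for the signed-in user.", nameof(authorizationCode));

        // AuthorizationCodeCredentialOptions derives from TokenCredentialOptions
        // and adds RedirectUri, which the base options type does not have.
        var options = new AuthorizationCodeCredentialOptions
        {
            AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
            RedirectUri = LoadRedirectUri(),
        };
        var credential = new AuthorizationCodeCredential(
            ConfigurationManager.AppSettings["ida:TenantId"],
            ConfigurationManager.AppSettings["ida:ClientId"],
            ConfigurationManager.AppSettings["ida:ClientSecret"],
            authorizationCode,
            options);
        return new GraphServiceClient(credential, new[] { "User.Read" });
    }

    public static Task<User> GetMeAsync(GraphServiceClient graphClient) =>
        graphClient.Me.GetAsync(rc =>
            rc.QueryParameters.Select = new[] { "displayName", "userPrincipalName" });
}
```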