azureoauth-2.0azure-active-directoryfastapiazure-authentication
fastapi azure auth redirect URI mismatch error
I keep getting below AADSTS50011 error even though I have already specified the correct redirect URI for the relevant app. Can you please provide guidance on resolving this issue? code snippet is attached below. Thank you.
from fastapi import FastAPI, Security
from fastapi.middleware.cors import CORSMiddleware
from fastapi_azure_auth import SingleTenantAzureAuthorizationCodeBearer
from pydantic.v1 import BaseSettings
from router.flight_router import flight_router
from router.user_router import user_router
class Settings(BaseSettings):
BACKEND_CORS_ORIGINS = ['http://localhost:8000']
OPENAPI_CLIENT_ID: str = "***"
APP_CLIENT_ID: str = "***"
TENANT_ID: str = "***"
SCOPE_DESCRIPTION: str = "***"
@property
def SCOPES(self) -> dict:
return {
'api://**/**': '**',
}
settings = Settings()
app = FastAPI(
swagger_ui_oauth2_redirect_url='/docs',
swagger_ui_init_oauth={
'usePkceWithAuthorizationCodeGrant': True,
'clientId': "***",
},
)
@app.on_event('startup')
async def load_config() -> None:
"""
Load OpenID config on startup.
"""
await azure_scheme.openid_config.load_config()
@app.get("/", dependencies=[Security(azure_scheme)])
async def welcome():
return {"message": "Welcome to Flight Reservation System"}
Solution
Thank you for the comment @PGHE.
I followed this Documentation for creating this project.
I faced an issue with authorization, so I used the command below to run the project.
uvicorn main:app --host localhost --port 8000
This helped me get the URL with localhost instead of the following URL: http://127.0.0.1:8000.
main.py
import uvicorn
from fastapi import FastAPI, Security
from fastapi.middleware.cors import CORSMiddleware
from fastapi_azure_auth import SingleTenantAzureAuthorizationCodeBearer
from pydantic import AnyHttpUrl
from pydantic_settings import BaseSettings
class Settings(BaseSettings):
BACKEND_CORS_ORIGINS: list[str | AnyHttpUrl] = ['http://localhost:8000']
OPENAPI_CLIENT_ID: str = "OpenApiIdClientId"
APP_CLIENT_ID: str = "AppClientId"
TENANT_ID: str = "TenantId"
SCOPE_DESCRIPTION: str = "scopeDescription"
@property
def SCOPE_NAME(self) -> str:
return f'api://{self.APP_CLIENT_ID}/{self.SCOPE_DESCRIPTION}'
@property
def SCOPES(self) -> dict:
return {
self.SCOPE_NAME: self.SCOPE_DESCRIPTION,
}
@property
def OPENAPI_AUTHORIZATION_URL(self) -> str:
return f"https://login.microsoftonline.com/{self.TENANT_ID}/oauth2/v2.0/authorize"
@property
def OPENAPI_TOKEN_URL(self) -> str:
return f"https://login.microsoftonline.com/{self.TENANT_ID}/oauth2/v2.0/token"
class Config:
env_file = '.env'
env_file_encoding = 'utf-8'
case_sensitive = True
settings = Settings()
app = FastAPI(
swagger_ui_oauth2_redirect_url='/oauth2-redirect',
swagger_ui_init_oauth={
'usePkceWithAuthorizationCodeGrant': True,
'clientId': settings.OPENAPI_CLIENT_ID,
'scopes': settings.SCOPE_NAME,
},
)
if settings.BACKEND_CORS_ORIGINS:
app.add_middleware(
CORSMiddleware,
allow_origins=[str(origin) for origin in settings.BACKEND_CORS_ORIGINS],
allow_credentials=True,
allow_methods=['*'],
allow_headers=['*'],
)
azure_scheme = SingleTenantAzureAuthorizationCodeBearer(
app_client_id=settings.APP_CLIENT_ID,
tenant_id=settings.TENANT_ID,
scopes=settings.SCOPES,
)
@app.on_event('startup')
async def load_config() -> None:
"""
Load OpenID config on startup.
"""
await azure_scheme.openid_config.load_config()
@app.get("/", dependencies=[Security(azure_scheme)])
async def root():
return {"message": "Hello World"}
if __name__ == '__main__':
uvicorn.run('main:app', reload=True)
I added the following URI in the App Redirect URI as shown below:
Output:
With the output URL above, I clicked on the Authorize button.
I got the page below and clicked on the Authorize button.
It redirected me to pick an account for signing in. Then, I selected my account as shown below:
Finally, I got the output below:
- How can I define compile time constants in bicep configuration language?
- Outlook calendar don't render with FullCalendar
- Azure functions decoding error for IotHub device connection state message schema
- How do I set scope in Azure API Manager (APIM) when using D_application_id
- How to mount multiple disks in a loop using ansible
- How can I get sub value in nested json via KQL?
- Azure .NET SDK: Scale Azure SQL databases through SDK
- How can I invoke Azure Trusted Signing from a Linux OS?
- How to transfer "Set Variable" activity output into Json file using "Copy Data" activity or any other options?
- Verify Microsoft Access token on my ASP.NET Core Web API
- I'm trying to install the package from a private Azure DevOps repository using the pip install command, but I'm encountering an error
- Unable to define the sites for an App Registration for SahrePoint with Site.Selected
- Check if the resource exists before using data
- Not able to see azure 'LifecyclePolicyCompleted event' log
- Direct Web Push gives Error when used from Notification Hub
- Azure Remove User Consent to API
- Flutter-Azure Deviops pipelineThe discrepancy between the number of tests reported as passed or failed in the pipeline output and the test report
- App_location on deployment of a static webapp
- MSINotEnabled - Can't use KeyVault Reference in Azure Function
- Reading values from a key value based file and passing these values to azure devops template
- Deleting an Azure Loadbalancer Frontend IP configuration from python?
- How to retrieve the front door id from a Microsoft CDN (classic)
- What is HEAD operation in CosmosDB reported in Azure Monitoring
- Deploying a Python App to Azure App Service with Github Actions
- How to Query User Access Logs for Azure Front Door
- How can I add email recipients to a Graph API request programmatically?
- How to create Azure Devops Service Connection Docker Registry Type Other
- Problem with CORS policy in React front end with FastAPI on the back trying to use Microsoft Single Sign-on
- Azure Document Intelligence Custom Classification Python API
- Azure Function App unaccounted for time in Application Insights Timeline