
MSAL: Session data corrupted - redirect_uri mismatch


I am building a self-hosted Django web app which will use identity (https://github.com/rayluo/identity, a wrapper library over MSAL) to fetch an OAuth token in order to get access to my tenant's resources (via MS Graph API calls).

I have downloaded the sample web app from https://github.com/Azure-Samples/ms-identity-python-webapp-django and authorized the app on my Azure AD tenant according to the directions, using

    http://localhost:8080/redirect

as the redirect URI.

Launching the app on my localhost I get the following error:

    Django version 5.0.3, using settings 'mysite.settings'
    Starting development server at http://127.0.0.1:8080/
    Quit the server with CONTROL-C.

    Session data corrupted
    redirect_uri mismatch: configured = http://localhost:8080/redirect, calculated = http://127.0.0.1:8080/redirect
    [26/Mar/2024 10:53:19] "GET / HTTP/1.1" 200 715

Tried to change the URI on Azure AD to http://127.0.0.1:8080/redirect, but apparently: [screenshot]

Tried to tunnel HTTP between Azure AD and my localhost via ngrok. The server responds just fine with the login page: [screenshot]

but as soon as it loads I already see in the server logs that there is a URI mismatch again:

    Session data corrupted
    redirect_uri mismatch: configured = https://6ae1-89-64-xx-xx.ngrok-free.app/redirect, calculated = http://6ae1-89-64-xx-xx.ngrok-free.app/redirect
    [26/Mar/2024 10:34:47] "GET / HTTP/1.1" 200 730
    Not Found: /favicon.ico

Note that in the above log message the URI assigned to the 'calculated' variable has had its 's' dropped!

On the web page I am still able to provide my user credentials, but receive this error page: [screenshot]


Python 3.10.5, package versions:

    Django==5.0.3
    identity==0.6.0
    msal==1.28.0


At this point my questions are:

  1. http://localhost:8080/redirect != http://127.0.0.1:8080/redirect? Is this a bug, or is there an idea behind this that I am not aware of?

  2. Where and why does MSAL drop the "s" from https in my redirect URI?

  3. How can I fix this problem?


Solution

  • I used the same GitHub code and successfully signed in and signed out without any issues.

    To fix the issue, I used the command below to run the application.

    python manage.py runserver localhost:8000 
    

    .env:

    POST_BUILD_COMMAND=python manage.py migrate
    
    CLIENT_ID='<client_ID>'
    
    AUTHORITY='https://<tenant_name>.b2clogin.com/<tenant_name>.onmicrosoft.com/<policy_name>'
    
    REDIRECT_URI='http://localhost:8000/redirect'
    
    SCOPE=User.ReadBasic.All
    
    ENDPOINT=https://graph.microsoft.com/v1.0/users  
    
    SIGNUPSIGNIN_USER_FLOW='<policy_name>'
    EDITPROFILE_USER_FLOW='<policy_name>'
    RESETPASSWORD_USER_FLOW='<policy_name>'
    

    I added the URL below under Authentication in Azure AD B2C as a Single-page Application:

    http://localhost:8000/redirect
    

    [screenshot]

    Output:

    The Django project ran successfully as below:

    C:\Users\xxxxxxxx\Downloads\ms-identity-python-webapp-django-main\ms-identity-python-webapp-django-main>python manage.py runserver localhost:8000      
    Watching for file changes with StatReloader
    Performing system checks...
    
    System check identified no issues (0 silenced).
    March 27, 2024 - 16:45:07
    Django version 5.0.3, using settings 'mysite.settings'
    Starting development server at http://localhost:8000/
    Quit the server with CTRL-BREAK.
    
    Session data corrupted
    [27/Mar/2024 16:45:27] "GET / HTTP/1.1" 200 710
    [27/Mar/2024 16:46:33] "GET /redirect?state=BErLfztOxxxxxxxxxxx&client_info=eyJ1aWQixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1" 302 0
    [27/Mar/2024 16:46:33] "GET / HTTP/1.1" 200 759
    [27/Mar/2024 16:46:52] "GET /logout HTTP/1.1" 302 0
    [27/Mar/2024 16:46:53] "GET / HTTP/1.1" 200 710
    

    [screenshot]

    Browser output:

    I got the output below at the URL above and clicked the Sign In button to sign in:

    [screenshot]

    It redirected me to the page below, where I gave my B2C credentials to sign in:

    [screenshot]

    I successfully signed in and got the page below. I clicked the Logout button to log out:

    [screenshot]
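Both of the mismatches in the question (localhost vs 127.0.0.1, and https vs http behind ngrok) come down to how the app computes the redirect_uri it puts in the authorization request, compared against the value registered in Azure AD with an exact string match. The following is an added example, not code from the identity library, MSAL or the Azure sample: it models with plain dicts what Django's `HttpRequest.scheme` and `build_absolute_uri()` do (the `SECURE_PROXY_SSL_HEADER` setting is Django's real one), on the assumption, suggested by the "calculated =" log line, that the library derives the URI from the incoming request in the same way. The hostnames and request dicts are constructed, not taken from the poster's setup.

```python
"""Why a Django app can send a redirect_uri that does not match the registered one.

Added example (not code from the identity library, MSAL or the Azure sample).
It reproduces with plain dicts what Django's HttpRequest.scheme and
build_absolute_uri() do, so it runs without Django installed. Assumption: the
library derives the 'calculated' redirect_uri from the incoming request the
same way.
"""
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Real Django setting: header/value pair that marks a request as originally
# HTTPS when a proxy (ngrok, nginx, a load balancer) terminated TLS for us.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def request_scheme(environ: Dict[str, str], trust_proxy_header: bool) -> str:
    """Scheme Django reports for a request.

    Without SECURE_PROXY_SSL_HEADER Django only trusts wsgi.url_scheme, which
    the dev server sets to 'http' because the TLS hop ended at the tunnel.
    With it, Django believes X-Forwarded-Proto instead. Only enable that behind
    a proxy you control that always overwrites the header: a client reaching
    the app directly could otherwise forge it and be treated as HTTPS.
    """
    header, value = SECURE_PROXY_SSL_HEADER
    if trust_proxy_header and header in environ:
        first = environ[header].split(",", 1)[0].strip()
        return "https" if first == value else "http"
    return environ.get("wsgi.url_scheme", "http")


def calculated_redirect_uri(environ: Dict[str, str], path: str = "/redirect",
                            trust_proxy_header: bool = False) -> str:
    """Build the absolute redirect_uri the way request.build_absolute_uri(path) would."""
    host = environ["HTTP_HOST"]  # the host:port the browser actually used
    return f"{request_scheme(environ, trust_proxy_header)}://{host}{path}"


def redirect_uri_mismatch(configured: str, calculated: str) -> Optional[str]:
    """Explain why two redirect URIs differ, or return None when they match.

    OAuth 2.0 redirect_uri checks are exact string comparisons: 'localhost' is
    not '127.0.0.1' and 'http' is not 'https', even if both reach the same socket.
    """
    if configured == calculated:
        return None
    c, k = urlsplit(configured), urlsplit(calculated)
    if c.scheme != k.scheme:
        return f"scheme differs: {c.scheme} vs {k.scheme} (TLS terminated upstream?)"
    if c.netloc != k.netloc:
        return f"host differs: {c.netloc} vs {k.netloc} (localhost != 127.0.0.1)"
    return f"path differs: {c.path} vs {k.path}"


# Constructed sample requests; hostnames are placeholders, not the poster's.
DEV_SERVER_ON_IP = {"wsgi.url_scheme": "http", "HTTP_HOST": "127.0.0.1:8080"}
DEV_SERVER_ON_LOCALHOST = {"wsgi.url_scheme": "http", "HTTP_HOST": "localhost:8000"}
BEHIND_TLS_TUNNEL = {
    "wsgi.url_scheme": "http",           # tunnel -> app hop is plain HTTP
    "HTTP_HOST": "tunnel-host.example",
    "HTTP_X_FORWARDED_PROTO": "https",   # browser -> tunnel hop was HTTPS
}


def diagnose() -> List[Tuple[str, Optional[str]]]:
    """Run the situations from the thread and report each mismatch reason."""
    cases = [
        ("browsing 127.0.0.1 with localhost registered",
         "http://localhost:8080/redirect",
         calculated_redirect_uri(DEV_SERVER_ON_IP)),
        ("browsing localhost with localhost registered",
         "http://localhost:8000/redirect",
         calculated_redirect_uri(DEV_SERVER_ON_LOCALHOST)),
        ("behind TLS tunnel, proxy header ignored",
         "https://tunnel-host.example/redirect",
         calculated_redirect_uri(BEHIND_TLS_TUNNEL)),
        ("behind TLS tunnel, SECURE_PROXY_SSL_HEADER set",
         "https://tunnel-host.example/redirect",
         calculated_redirect_uri(BEHIND_TLS_TUNNEL, trust_proxy_header=True)),
    ]
    return [(label, redirect_uri_mismatch(conf, calc)) for label, conf, calc in cases]


if __name__ == "__main__":
    for label, reason in diagnose():
        print(f"{label}: {reason or 'OK, exact match'}")
```

The second case is the answer's fix: browse to the same host:port that is registered (`runserver localhost:8000` with `http://localhost:8000/redirect` in both `.env` and the app registration). The fourth case is what the ngrok setup needs in real Django: `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` in `settings.py`, so that the app reports `https` for requests the tunnel forwarded over plain HTTP. Set that only when every request provably passes through the proxy; otherwise any client can claim HTTPS by sending the header itself.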