Am building a self-hosted Django web-app which will be using identity https://github.com/rayluo/identity ( a wrapper library over MSAL) to fetch an OAuth token in order to get access to my tenant's resources (via MSGraph API calls)
I have downloaded the sample web-app from here https://github.com/Azure-Samples/ms-identity-python-webapp-django, authorized the app on my AzureAd tenant according to directions using
http://localhost:8080/redirect
as redirect URI .
Launching the app on my localhost I get the follwoing error:
Django version 5.0.3, using settings 'mysite.settings'
Starting development server at http://127.0.0.1:8080/
Quit the server with CONTROL-C.
Session data corrupted
redirect_uri mismatch: configured = http://localhost:8080/redirect, calculated = http://127.0.0.1:8080/redirect
[26/Mar/2024 10:53:19] "GET / HTTP/1.1" 200 715
Tried to change the URI on Azure AD to: http://127.0.0.1:8080/redirect
But apparently:
Tried to tunnel http between AzureAD and my localhost via ngrok. The server responds just fine with the login page:
but as soon as it loads I already see in the server logs that there is a an URI mismatch again:
Session data corrupted
redirect_uri mismatch: configured = https://6ae1-89-64-xx-xx.ngrok-free.app/redirect, calculated = http://6ae1-89-64-xx-xx.ngrok-free.app/redirect
[26/Mar/2024 10:34:47] "GET / HTTP/1.1" 200 730
Not Found: /favicon.ico
Note that in the above log message the URI assigned to the 'calculated' variable has had it's 's' dropped!
On the webpage I am still able to provide my user credentials, but receive this error page:
Python 3.10.5,
package versions:
Django==5.0.3
identity==0.6.0
msal==1.28.0
http://localhost:8080/redirect != http://127.0.0.1:8080/redirect ? Is this a bug or is there an idea behind this taht I am not aware of?
Where and why does MSAL drop the "s" from https from my redirect URI?
How can I fix this problem?
I used the same GitHub code and successfully signed in and signed out without any issues.
To fix the issue, I used the command below to run the application.
python manage.py runserver localhost:8000
.env :
POST_BUILD_COMMAND=python manage.py migrate
CLIENT_ID='<client_ID>'
AUTHORITY='https://<tenant_name>.b2clogin.com/<tenant_name>.onmicrosoft.com/<policy_name>'
REDIRECT_URI='http://localhost:8000/redirect'
SCOPE=User.ReadBasic.All
ENDPOINT=https://graph.microsoft.com/v1.0/users
SIGNUPSIGNIN_USER_FLOW='<policy_name>'
EDITPROFILE_USER_FLOW='<policy_name>'
RESETPASSWORD_USER_FLOW='<policy_name>'
I added the below URL in the Azure AD B2C Authentication as a Single-page Application as below:
http://localhost:8000/redirect
Output :
The Django project ran successfully as below:
C:\Users\xxxxxxxx\Downloads\ms-identity-python-webapp-django-main\ms-identity-python-webapp-django-main>python manage.py runserver localhost:8000
Watching for file changes with StatReloader
Performing system checks...
System check identified no issues (0 silenced).
March 27, 2024 - 16:45:07
Django version 5.0.3, using settings 'mysite.settings'
Starting development server at http://localhost:8000/
Quit the server with CTRL-BREAK.
Session data corrupted
[27/Mar/2024 16:45:27] "GET / HTTP/1.1" 200 710
[27/Mar/2024 16:46:33] "GET /redirect?state=BErLfztOxxxxxxxxxxx&client_info=eyJ1aWQixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1" 302 0
[27/Mar/2024 16:46:33] "GET / HTTP/1.1" 200 759
[27/Mar/2024 16:46:52] "GET /logout HTTP/1.1" 302 0
[27/Mar/2024 16:46:53] "GET / HTTP/1.1" 200 710
Browser output :
I got the below output with the above URL and clicked on the Sign In button for sign in as below:
It redirected me to the below page, and I gave my B2C credentials for sign-in as below:
I successfully signed in and got the below page. I clicked on the Logout button to logout as below.