
.NET MAUI Browser Delegated Authentication redirect URL invalid


Followed the instructions here for browser-delegated authentication, steps completed under .NET MAUI including "Prepare tenant", "Create .NET MAUI app", and "Sign in and sign out". Code can be found here. As you can see in the images, the RedirectUrl in code matches what is in Azure under app registrations.

[image] [image]

However, after entering my email on the login screen and clicking next, I get an invalid_request error that the 'redirect_uri' is not valid.

[image]

Possibly related, when I attempt to test my user flow using these instructions, the option to "Run user flow" is missing. I think I meet the prerequisites. I've created the user flow and linked it to my app. How do I verify that my tenant is an external tenant?

[image]


Solution

  • You won't have the Run user flow option if you created the user flow in a normal Microsoft Entra tenant, like this:

    [image]

    To resolve this, make sure to create an external tenant by clicking this link and switch to the newly created directory, like this:

    [image]

    In this external tenant, create a new app registration and add the redirect URI in the "Mobile & desktop applications" platform:

    [image]

    Now, create a user flow in this external tenant as below:

    [image]

    Make sure to assign the previously created app registration to this user flow:

    [image]

    You can now run the user flow by clicking the Run user flow button:

    [image]