Tags: .net, asp.net-core, authentication, azure-active-directory

AADSTS50011: The redirect URI http does not match the redirect URIs


I already tried other similar topics opened in the past for the same error, but mine is a bit different. The URI that I am trying to use for the redirect is already registered in Azure AD. Let's say: https://api.mydomain.com

My application was deployed to a server with apache2 configured and it is using https by default.

However, the error message from Microsoft says: AADSTS50011: The redirect URI 'http://api.mydomain.com/signin-oidc' specified in the request does not match the redirect URIs configured for the application

And of course I see that the URL captured by Microsoft is the HTTP URL from the request instead of the https URI. This is causing the trouble, because there is no URI registered starting with http. Microsoft requires that URIs start with HTTPS, except for localhost URIs.

This is the code used in the appsettings file:

    "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "example.com",
        "TenantId": "tenant-id",
        "ClientId": "client-id",
        "CallbackPath": "/signin-oidc",
        "SignedOutCallbackPath": "/signout-callback-oidc"
    }

Solution

Finally, the solution for this case was to modify the app code by doing the following changes:

  • Force https redirection for the Production environment:

    app.UseHttpsRedirection();

  • Use the forwarded headers middleware:

    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedProto
    });

Additionally, I performed some adjustments in the apache server, in the VirtualHost that handles requests on port 80. This line was added:

    Redirect permanent / "https://example.com/"

After those changes, the application was authenticated successfully against Azure Entra and the redirection was correct.
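The two middleware changes from the answer, placed in a complete Program.cs in the order they need to run, as an added example that is not the poster's code. It assumes Microsoft.Identity.Web binds the AzureAd section shown in the question, and the ReverseProxy:Address configuration key is a hypothetical addition for the case where Apache does not run on the same host as the app:

```csharp
using System.Net;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// Bind the "AzureAd" section of appsettings (Instance, TenantId, ClientId,
// CallbackPath, ...) to the OpenID Connect handler.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

// Honour only X-Forwarded-Proto: that is the header Apache must send so the
// app builds redirect_uri with https:// instead of http://.
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;

    // By default the middleware trusts forwarded headers only from loopback,
    // which is right when Apache and Kestrel share a host. If the proxy is
    // elsewhere, trust exactly that address (hypothetical config key) rather
    // than clearing KnownProxies/KnownNetworks, so a direct client cannot
    // spoof the scheme by sending its own X-Forwarded-Proto header.
    var proxyAddress = builder.Configuration["ReverseProxy:Address"];
    if (proxyAddress is not null)
    {
        options.KnownProxies.Add(IPAddress.Parse(proxyAddress));
    }
});

var app = builder.Build();

// Order matters: forwarded headers must be applied before any middleware that
// reads Request.Scheme (HTTPS redirection, authentication), otherwise the
// OIDC handler still sees http and Azure AD rejects the redirect_uri.
app.UseForwardedHeaders();
if (!app.Environment.IsDevelopment())
{
    app.UseHttpsRedirection();
}
app.UseAuthentication();
app.UseAuthorization();

// Quick check endpoint: behind a correctly configured proxy this reports https.
app.MapGet("/", (HttpContext ctx) => $"Scheme seen by the app: {ctx.Request.Scheme}")
   .RequireAuthorization();

app.Run();
```

The Apache side has to actually send the header from the port 443 VirtualHost that proxies to Kestrel, for example `RequestHeader set X-Forwarded-Proto "https"` next to the ProxyPass directives (requires mod_headers); without it the middleware has nothing to act on and the redirect_uri stays http.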