UWP Reply URL Incorrect #149

Closed
patrick-robin opened this issue Jun 18, 2020 · 17 comments

@patrick-robin

Following the instructions for the Basic sample configured for a single tenant I get the following error when authenticating within the UWP "AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application".

To get the application to work I had to add a new redirect uri to my app registration with the uri: ms-app://xxxxxxx. Am I missing a step in the configuration somewhere or has there been a change in the implementation that means the documentation needs to be updated?

@aiwangmicrosoft
Contributor

aiwangmicrosoft commented Jun 18, 2020

Hi Patrick, in the sample I'm seeing step #6 at this link suggest selecting the redirect URI of form msal<clientId>://auth. Is that the one you set?

@patrick-robin
Author

Yep, that's set and it's working for the Android app, however in the UserDetailsClient\App.cs class the constructor takes a parameter specialRedirectUri which is used as the redirect uri when setting up the public client.

```csharp
public App(string specialRedirectUri = null)
{
    PCA = PublicClientApplicationBuilder.Create(ClientID)
        .WithTenantId("4a5378f9-29f4-4d3e-be89-669d03ada9d8")
        .WithRedirectUri(specialRedirectUri ?? $"msal{ClientID}://auth")
        .WithIosKeychainSecurityGroup("com.microsoft.adalcache")
        .Build();

    MainPage = new NavigationPage(new UserDetailsClient.MainPage());
}
```

And in the UWP MainPage.xaml.cs you have this:

```csharp
public MainPage()
{
    this.InitializeComponent();

    // To get SSO with a UWP app, you'll need to register the following
    // redirect URI for your application
    Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();

    // Then use the following:
    LoadApplication(new UserDetailsClient.App(redirectURI.AbsoluteUri));
}
```

Which now I've read the comments in the code you need to add the app url as redirect uri in Azure, it might be worth adding it to the documentation as either an optional step or under the platform specific considerations.

@aiwangmicrosoft
Contributor

Yes, we can add that to the docs. Does it work for you now?

@saf-itpro

@aiwangmicrosoft I am getting a similar error posted on github here. Could you please help?

@bgavrilMS
Contributor

Currently you need to set the redirect uri to "https://sso" and MSAL will internally switch to use Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();

You do not need to register "https://sso" but you do need to register WebAuthenticationBroker.GetCurrentApplicationCallbackUri()

We have a work item to improve this experience - please vote for it.

I also added more details in our wiki:

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/UWP-specifics#make-the-browser-remember-previous-usernames

@amirvenus

> Currently you need to set the redirect uri to "https://sso" and MSAL will internally switch to use Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
>
> You do not need to register "https://sso" but you do need to register WebAuthenticationBroker.GetCurrentApplicationCallbackUri()
>
> We have a work item to improve this experience - please vote for it.
>
> I also added more details in our wiki:
>
> https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/UWP-specifics#make-the-browser-remember-previous-usernames

Does that really need to be added in the UWP MainPage.xaml.cs?

I am getting an error:

'App' does not contain a constructor that takes 1 arguments. Would I have to change the constructor in App.xaml.cs file in the main project? I am confused how to pass that https://sso !

@bgavrilMS
Contributor

This is where you construct the PublicClientApplication object https://github.com/Azure-Samples/active-directory-xamarin-native-v2/blob/master/1-Basic/UserDetailsClient/UserDetailsClient/App.cs#L22

Make sure that the redirect uri is "https://sso" and see if that works.

@amirvenus

> This is where you construct the PublicClientApplication object https://github.com/Azure-Samples/active-directory-xamarin-native-v2/blob/master/1-Basic/UserDetailsClient/UserDetailsClient/App.cs#L22
>
> Make sure that the redirect uri is "https://sso" and see if that works.

Nope it's the same error :-(

@bgavrilMS
Contributor

I am not sure what the error is, but 'App' does not contain a constructor that takes 1 arguments sounds like a compilation error which you should be able to figure out.

@amirvenus

> I am not sure what the error is, but 'App' does not contain a constructor that takes 1 arguments sounds like a compilation error which you should be able to figure out.

This is what I keep on getting:

image

@jmprieur
Contributor

@amirvenus, now that MSAL.NET supports WAM, you probably want to use it?
Please check out the latest version of the sample (.WithBroker) and https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/wam

@amirvenus

> @amirvenus, now that MSAL.NET supports WAM, you probably want to use it?
> Please check out the latest version of the sample (.WithBroker) and https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/wam

Sounds promising, but I don't know how to use it in a UWP app within Xamarin.Forms.
Is there any sample repo I can test?

@jmprieur
Contributor

jmprieur commented Dec 16, 2020

This is this sample, @amirvenus : it was updated.

See

```csharp
    case Device.UWP:
        builder = builder.WithExperimentalFeatures();
        // See also UserDetailsClient.UWP project in MainPage.xml.cs
        // To get the redirect URI that you need to register in your app
        // registration of a shape similar to:
        // ms-appx-web://microsoft.aad.brokerplugin/S-1-15-2-3163378744-4254380357-4090943427-3442740072-2185909759-2930900273-1603380124
        builder.WithDefaultRedirectUri();
        break;
}
builder.WithBroker();
```

```csharp
string sid = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri()
    .Host
    .ToUpper();
string redirectUriWithWAM = $"ms-appx-web://microsoft.aad.brokerplugin/{sid}";
```
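
An added example, not part of the thread or of the sample's own code: a pre-flight check that derives the two UWP redirect URI shapes mentioned in this thread from the app's callback URI and lists those missing from a set of registered URIs. `RedirectUriPreflight`, its methods, the SID and the client ID are hypothetical, constructed values, and the exact-match comparison is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class RedirectUriPreflight
{
    // Both redirect URI shapes discussed in this thread, derived from the value
    // WebAuthenticationBroker.GetCurrentApplicationCallbackUri() returns on UWP.
    public static IReadOnlyList<string> Expected(Uri callbackUri)
    {
        if (callbackUri.Scheme != "ms-app")
            throw new ArgumentException("expected an ms-app:// callback URI", nameof(callbackUri));

        // The sample upper-cases the host (the package SID) for the WAM form.
        string sid = callbackUri.Host.ToUpperInvariant();
        return new[]
        {
            callbackUri.AbsoluteUri,                            // passed to WithRedirectUri in the UWP MainPage
            $"ms-appx-web://microsoft.aad.brokerplugin/{sid}",  // WAM (.WithBroker) form
        };
    }

    // Returns the expected URIs that are absent from the app registration.
    // Assumption: a redirect URI only counts as registered on an exact string match.
    public static IReadOnlyList<string> Missing(Uri callbackUri, IEnumerable<string> registered)
    {
        var set = new HashSet<string>(registered, StringComparer.Ordinal);
        return Expected(callbackUri).Where(u => !set.Contains(u)).ToList();
    }

    static void Main()
    {
        // Constructed sample values; the SID and client ID are placeholders.
        var callback = new Uri("ms-app://s-1-15-2-1111111111-2222222222-3333333333/");
        var registered = new[]
        {
            "msal00000000-0000-0000-0000-000000000000://auth",    // msal<clientId>://auth form
            "ms-app://s-1-15-2-1111111111-2222222222-3333333333/",
        };

        foreach (string uri in Missing(callback, registered))
            Console.WriteLine($"not registered (AADSTS50011 risk): {uri}");
    }
}
```

In a real UWP project the `callback` value would come from `WebAuthenticationBroker.GetCurrentApplicationCallbackUri()` and `registered` from the app registration's redirect URI list.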

@amirvenus

> This is this sample, @amirvenus : it was updated.
>
> See
>
> ```csharp
>     case Device.UWP:
>         builder = builder.WithExperimentalFeatures();
>         // See also UserDetailsClient.UWP project in MainPage.xml.cs
>         // To get the redirect URI that you need to register in your app
>         // registration of a shape similar to:
>         // ms-appx-web://microsoft.aad.brokerplugin/S-1-15-2-3163378744-4254380357-4090943427-3442740072-2185909759-2930900273-1603380124
>         builder.WithDefaultRedirectUri();
>         break;
> }
> builder.WithBroker();
> ```
>
> ```csharp
> string sid = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri()
>     .Host
>     .ToUpper();
> string redirectUriWithWAM = $"ms-appx-web://microsoft.aad.brokerplugin/{sid}";
> ```

Thanks!
I think I am getting there. I could get rid of that error and could get a token but apparently I cannot use that token to call any of my API endpoints as I keep on getting 401.
This is my code:

```csharp
var builder = PublicClientApplicationBuilder
    .Create(B2CConstants.ClientID);

switch (Device.RuntimePlatform)
{
    case Device.UWP:
        builder = builder
            .WithExperimentalFeatures()
            //.WithB2CAuthority(B2CConstants.AuthoritySignInSignUp)
            ;
        builder.WithDefaultRedirectUri();
        break;
    default:
        builder = builder.WithB2CAuthority(B2CConstants.AuthoritySignInSignUp)
            .WithIosKeychainSecurityGroup(B2CConstants.IOSKeyChainGroup)
            .WithRedirectUri($"msal{B2CConstants.ClientID}://auth");
        break;
}

PublicClientApplicationBuilder.Create(B2CConstants.ClientID);
```

When I uncomment WithB2CAuthority(B2CConstants.AuthoritySignInSignUp), that previous error comes back.

@amirvenus

amirvenus commented Dec 17, 2020

And when I use WithBroker:

```csharp
builder = PublicClientApplicationBuilder
    .Create(B2CConstants.ClientID)

    .WithExperimentalFeatures()
    .WithDefaultRedirectUri()
    .WithB2CAuthority(B2CConstants.AuthoritySignInSignUp)
    //.WithRedirectUri($"msal{B2CConstants.ClientID}://auth")
    //.WithRedirectUri($"https://sso")
    .WithBroker(true)
```

I get this screen:

image

and the stacktrace:

image

@jmprieur
Contributor

@amirvenus : sorry I had not understood you were targeting B2C.

@jmprieur
Contributor

Proposing to close this issue. Feel free to open a new issue in the b2C-xamarin sample if you have one.
