adamedx/autographps-sdk

Connect-Graph fails with "The reply url specified in the request does not match the reply urls configured for the application"

Jazzman123 opened this issue · 3 comments

Describe the bug
When I use the Connect-Graph cmdlet with an AppID that I just created I see the MSAL authentication, but after I authenticate the cmdlet shows an authentication error. (See the verbose output below.) It's saying that the reply URL isn't listed for my app, but I can't figure out what the expected reply URL is, so I can't add it.

Desktop (please complete the following information):

  • OS: Windows 10 1903
  • AutoGraphPS-SDK module Version 0.10.0

Logs -- please attach the following data for failures executing a command

VERBOSE: Attempt to get current context -- current context is set to 'v1.0'
VERBOSE: Connecting context 'v1.0'
VERBOSE: No reconnect -- creating a new connection for this context
VERBOSE: Custom endpoint data required, no graph endpoint URI was specified, using URI based on cloud
VERBOSE: Creating endpoint with cloud 'Public', auth protocol 'v2'
VERBOSE: Browser supported: True, NoBrowserUISpecified False, IsRemotePSSession: False
VERBOSE: Connection specified to UpdateConnection
VERBOSE: Connecting...
VERBOSE: Getting token for resource https://graph.microsoft.com/ from auth endpoint: https://login.microsoftonline.com/ with protocol v2
VERBOSE: Attempting to get token for 'https://graph.microsoft.com/' ...
VERBOSE: Using app id 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
VERBOSE: Is confidential client: 'False'
VERBOSE: Adding scopes to request: User.Read
VERBOSE: Sending auth request to auth uri 'https://login.microsoftonline.com/common'
VERBOSE: V2 auth provider acquiring initial user token
VERBOSE:
Token request status: WaitingForActivation
VERBOSE: System.AggregateException: One or more errors occurred. ---> Microsoft.Identity.Client.MsalServiceException: AADSTS50011: The reply url specified in the request does not
match the reply urls configured for the application: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'.
Trace ID: 4294c4df-85c2-4f1c-8163-014d4b0dc400
Correlation ID: 5ca25e85-8e57-4d1d-9770-c0a90aaa122c
Timestamp: 2019-07-15 19:09:53Z
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateErrorResponse(HttpResponse response, RequestContext requestContext)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext, Boolean addCorrelationId)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.<ExecuteRequestAsync>d__10`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.<GetTokenAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<SendHttpMessageAsync>d__23.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<SendTokenRequestAsync>d__22.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.PublicClientApplication.<AcquireTokenForLoginHintCommonAsync>d__22.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   --- End of inner exception stack trace ---
application: 'b0fa3592-3be4-4dfc-a9e9-fc2dc3b42971'.
Trace ID: 4294c4df-85c2-4f1c-8163-014d4b0dc400
Correlation ID: 5ca25e85-8e57-4d1d-9770-c0a90aaa122c
Timestamp: 2019-07-15 19:09:53Z
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateErrorResponse(HttpResponse response, RequestContext requestContext)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext, Boolean addCorrelationId)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.<ExecuteRequestAsync>d__10`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.<GetTokenAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<SendHttpMessageAsync>d__23.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<SendTokenRequestAsync>d__22.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.PublicClientApplication.<AcquireTokenForLoginHintCommonAsync>d__22.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.PublicClientApplication.<AcquireTokenAsync>d__5.MoveNext()
 ErrorCode: invalid_client
 StatusCode: 400
 Claims: <---
An authentication error occurred: 'One or more errors occurred.'. See verbose output for additional details
At C:\Program Files\WindowsPowerShell\Modules\autographps-sdk\0.10.0\src\client\GraphIdentity.ps1:131 char:13
+             throw [Exception]::new(("An authentication error occurred ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  + CategoryInfo          : OperationStopped: (:) [], Exception
  + FullyQualifiedErrorId : An authentication error occurred: 'One or more errors occurred.'. See verbose output for additional details             

Wow, I'm sorry I just now saw this (I usually look at the autographps repo -- will definitely keep a close eye on this one now).

Did you try the AppRedirectUri option -- you can use that to supply the reply url. It would probably be a good idea to alias this with replyurl, so I may add that soon as well.

Looks like we added the AppRedirectUri in 0.11. in this commit: 8965d9a. Specifying the reply url with the AppRedirectUri parameter should address this issue. Also now have a PR that aliases that parameter with ReplyUrl so it's more discoverable.

Thanks very much for trying it out, and sorry about the delay in seeing this.
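
A pre-flight check for the AADSTS50011 mismatch discussed in this thread, as an added example that is not part of the issue or of autographps-sdk: it compares the reply URL you intend to pass via AppRedirectUri with the reply URLs listed on the app registration and names the near miss when they differ. `Test-ReplyUrlMatch` and the sample URLs are hypothetical, exact (ordinal) string comparison by the identity provider is an assumption, and `-AppId` is assumed to be the parameter used to pass the app ID.

```powershell
# Added example; not code from autographps-sdk. Function name is hypothetical.
function Test-ReplyUrlMatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $RequestedUri,
        [Parameter(Mandatory)] [string[]] $RegisteredUris
    )

    # Assumption: the identity provider compares reply URLs as exact strings.
    foreach ($registered in $RegisteredUris) {
        if ([string]::Equals($RequestedUri, $registered, [StringComparison]::Ordinal)) {
            return [pscustomobject]@{ Match = $true; Registered = $registered; Reason = 'exact match' }
        }
    }

    # No exact match: report the first near miss that is easy to overlook by eye.
    foreach ($registered in $RegisteredUris) {
        $reason = $null
        if ([string]::Equals($RequestedUri, $registered, [StringComparison]::OrdinalIgnoreCase)) {
            $reason = 'differs only by letter case'
        }
        elseif ($RequestedUri.TrimEnd('/') -ceq $registered.TrimEnd('/')) {
            $reason = 'differs only by trailing slash'
        }
        elseif (($RequestedUri -replace '^https?://', '') -ceq ($registered -replace '^https?://', '')) {
            $reason = 'differs only by http/https scheme'
        }
        if ($reason) {
            return [pscustomobject]@{ Match = $false; Registered = $registered; Reason = $reason }
        }
    }

    [pscustomobject]@{ Match = $false; Registered = $null; Reason = 'no similar reply URL registered' }
}

# Constructed sample values; replace with the reply URLs shown on your app registration.
$registered = @('http://localhost/', 'https://example.invalid/callback')
Test-ReplyUrlMatch -RequestedUri 'http://localhost' -RegisteredUris $registered

# Once the two strings agree, pass the same value to the cmdlet (0.11 or later, per the thread):
# Connect-Graph -AppId '<your-app-id>' -AppRedirectUri 'http://localhost/'
```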