How to fix "AADSTS90102: 'redirect_uri' value must be a valid absolute Uri." error in Microsoft Graph

5

6

Following this procedure: https://learn.microsoft.com/en-us/graph/auth-v2-user

I'm trying to get a refresh token from this Microsoft endpoint: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize

Using PostAsync method from System.Net.Http.HttpClient class from nuget (asp.net core 2.2) library, I'm able to get a response back with this error: "AADSTS90102: 'redirect_uri' value must be a valid absolute Uri.": https://static.mcmap.net/file/mcmap/ZG-AbGLDKwfpKmltX1ywKmMva3/LhP5kYf.png

I tried to set some redirect URLs in the Azure Portal, including:

https://automation.legroupeti.com/Configurations/GetRefreshToken/
https://automation.legroupeti.com/Configurations/GetRefreshToken
https://automation.legroupeti.com/
https://automation.legroupeti.com

The post request is the following (Using PostAsync method from System.Net.Http.HttpClient class from nuget (asp.net core 2.2)): https://static.mcmap.net/file/mcmap/ZG-AbGLDKwfpKmltX1ywKmMva3/PI4mo8Y.png

Here are the configured redirect URLs from the registered application in the Azure Portal: https://static.mcmap.net/file/mcmap/ZG-AbGLDKwfpKmltX1ywKmMva3/aqYDJhn.png

I expect a valid response from the endpoint. How do I configure the redirect_uri to be valid?

EDIT 1

I fixed the redirect_uri parameter.

Emilio answered 4/9, 2019 at 13:32 Comment(0)
2

You seem to be mixing the authorize and token endpoints.

If you want the user to authenticate, you have to redirect the user to that URL, not send a POST request to it. After the user returns to your app, you need to exchange the authorisation code for tokens. Documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-call-api-overview

If you want a token just for your app without user authentication, you need to call the token endpoint. Documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-overview

Ibson answered 4/9, 2019 at 13:59 Comment(3)
I'm trying to use the login.microsoftonline.com{tenantId}/oauth2/v2.0/authorize endpoint to get an authorization code. This is why I'm doing a POST request at login.microsoftonline.com{tenantId}/oauth2/v2.0/authorize, with the following parameters: client_id, response_type, redirect_uri, response_mode, client_secret, scope and state. As described here: learn.microsoft.com/en-us/graph/auth-v2-user, the response should be a page where the user needs to consent, then it should redirect to the redirect_uri after the consent. - Emilio
You can't get an authorization code with a POST request. You need to redirect the user's browser there. - Ibson
Redirecting the user instead of doing a POST to the URL did fix the issue. - Emilio
7

I was getting this error and for me the issue was that I was encoding the redirect_uri value in the post request to the /oauth2/v2.0/token endpoint. Notice how redirect_uri is not encoded in this request.

POST /{Tenant ID}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cookie: {cookie}
Content-Length: 941

client_id={Application (client) ID}
&scope=https://graph.microsoft.com/mail.read
&redirect_uri=http://localhost/myapp/
&grant_type=authorization_code
&client_secret={secret}
&code={code}

I used the Postman sample provided by Microsoft to find the root cause.

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-access-token

Siusiubhan answered 23/2, 2021 at 16:51 Comment(3)
Thanks men, it worked!!. Also note that your url and learn.microsoft.com/en-us/graph/auth-v2-user#token-request show us an encoded url in the example :S - Piraeus
Thank you! This was the same problem I was having! - Cybernetics
Oh man... thanks microsoft !msSnail
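
The two steps discussed in the answers above, as an added C# example (not code from the original posts or from Microsoft): the browser is redirected to /authorize with each query value percent-encoded once, and the returned code is then exchanged by a server-side POST to /token, where FormUrlEncodedContent does the encoding itself. The class and method names, the placeholder tenant and client values, and the offline_access scope are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;

static class AuthCodeFlowExample
{
    // Placeholders (assumptions): use the values from your own app registration.
    const string Tenant = "{tenantId}";
    const string ClientId = "{clientId}";
    const string RedirectUri = "http://localhost/myapp/"; // must equal a registered redirect URI
    const string Scope = "offline_access https://graph.microsoft.com/mail.read";

    // Unpredictable per-request value; compare it with the state returned to redirect_uri.
    public static string NewState()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes);
    }

    // Step 1: URL the user's browser is redirected to (a GET, never a server-side POST).
    // client_secret does not belong here: it would end up in the browser's address bar.
    public static string BuildAuthorizeUrl(string state)
    {
        if (!Uri.TryCreate(RedirectUri, UriKind.Absolute, out _))
            throw new ArgumentException("redirect_uri must be an absolute URI");
        var query = new Dictionary<string, string>
        {
            ["client_id"] = ClientId, ["response_type"] = "code",
            ["redirect_uri"] = RedirectUri, ["response_mode"] = "query",
            ["scope"] = Scope, ["state"] = state,
        };
        // Percent-encode each value exactly once.
        var qs = string.Join("&", query.Select(p => p.Key + "=" + Uri.EscapeDataString(p.Value)));
        return "https://login.microsoftonline.com/" + Tenant + "/oauth2/v2.0/authorize?" + qs;
    }

    // Step 2: body of the server-side POST to /oauth2/v2.0/token. Pass raw values:
    // FormUrlEncodedContent encodes them, so an already escaped one is encoded twice.
    public static FormUrlEncodedContent BuildTokenRequest(string code, string clientSecret) =>
        new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["client_id"] = ClientId, ["scope"] = Scope,
            ["redirect_uri"] = RedirectUri, ["grant_type"] = "authorization_code",
            ["client_secret"] = clientSecret, ["code"] = code,
        });
}
```

The handler behind redirect_uri should reject the callback unless the returned state equals the one issued by NewState, and only then pass the result of BuildTokenRequest to HttpClient.PostAsync against the token endpoint.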
3

From the screenshot, it appears that the URLEncoding is incorrect. The '/' character in the path should be encoded to %2F, while your code has %2. (After '.com' and before 'Configurations'.)

Also, have you considered the Authorization Provider from the SDK? https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#AuthCodeProvider

Cytology answered 4/9, 2019 at 14:0 Comment(1)
Ok, it was a good catch, I did fix the value, see EDIT 1. Sadly, it did not fix the problem. - Emilio
0

I also faced the same problem:

AADSTS90102: 'redirect_uri' value must be a valid absolute Uri.

I tried a few URL variants (with encoding, without, etc.) in Chrome, but was getting different exceptions about a wrong URL. Then I used the Safari browser and voila, I got a response code.

In the final result, I just copied the URL from the documentation, pasted tenant and client_id values from the registered application into the return_url parameter, and instead of the /myapp/ prefix I pasted %3A8080, where %3A is the : symbol. The redirect_uri param has to be the same as the URL in the registered application.

Waterresistant answered 15/8, 2022 at 14:8 Comment(0)
0

It worked for me without URL encoding. Maybe because the parameter is in the body and it's not a query parameter.


Praemunire answered 7/2 at 6:17 Comment(0)
