Azure AD auth redirect not using configured reply url

I have registered an angular app with Azure AD for authentication. After auth, Azure redirects back to my app as designated by the "Reply Url" in the Azure config.

Reply Url = http://myapp.com/#/?

The app expects url parameter fragments (such as auth code, token, state, etc) appended to the redirect url, which are checked if user auth succeeded.

Redirect Url = http://myapp.com/#/?code=<some code>&id_token=<id token>&...

This was working before, but as of yesterday the redirect url now looks like this

Redirect Url = http://myapp.com/#code=<some code>&id_token=<id token>&...

No changes were made to the app config in azure management portal.

This new format is breaking angular routing in the app, and the auth parameters are not being captured/parsed. Everything after the "#" in the reply url seems to be ignored.

Any idea as to what causes the redirect url not to use the complete reply url configured in Azure AD?

Fennessy answered 9/7, 2014 at 19:51 Comment(4)
We are experiencing the same issue. Have you figured out a way to overcome this? – Breath
Added feedback on Azure feedback.azure.com/forums/169401-azure-active-directory/… – Breath
I have the same problem, except my redirect_uri doesn't even have # in it, just some normal query string parameters. Was working yesterday, broke today. My workaround is to set up a redirect in the .htaccess and use that as the redirect_uri, i.e. /azureredirect.html redirect to /index.php?param1=value1&param2=value2%{QUERY_STRING} – Seaver
Our workaround was to handle the return url parsing in our app.js where routing is handled. We did not want to rely on the url that Azure spit back out and just assumed that it would hit our angular router first on the redirect, then just have some routing logic to check if coming from Azure or anywhere else. I think this is a more robust approach anyway than declaring routes in Azure. – Fennessy
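
The client-side parsing workaround described in the comments above, as an added example that is not part of the original thread and not code from ADAL. The function names, the `expectedState` argument (a value the app is assumed to have stored before redirecting) and the sample fragments are constructed for illustration.

```javascript
'use strict';

// Parameters an OAuth 2.0 / OpenID Connect fragment response can carry.
const AUTH_KEYS = ['code', 'id_token', 'access_token', 'state',
                   'session_state', 'error', 'error_description'];

// Parse location.hash in either shape seen in this thread:
//   "#/?code=...&id_token=..."  (router prefix kept)
//   "#code=...&id_token=..."    (router prefix dropped)
function parseAuthFragment(hash) {
  const body = String(hash || '')
    .replace(/^#/, '')          // leading "#"
    .replace(/^!?\/?\??/, '');  // optional "!", "/", "?" router prefix
  const params = new URLSearchParams(body);
  const out = {};
  for (const key of AUTH_KEYS) {
    const values = params.getAll(key);
    // A repeated parameter is ambiguous; refuse rather than pick one.
    if (values.length > 1) throw new Error('duplicate parameter: ' + key);
    if (values.length === 1) out[key] = values[0];
  }
  return out;
}

// expectedState: the value the app generated and stored (for example in
// sessionStorage) before redirecting to Azure AD. Assumption of this example.
function validateAuthResponse(hash, expectedState) {
  const p = parseAuthFragment(hash);
  const isAuth = ['code', 'id_token', 'access_token', 'error']
    .some((k) => k in p);
  if (!isAuth) return { kind: 'not_auth' };  // ordinary route, leave it to the router
  if (!expectedState || p.state !== expectedState) {
    return { kind: 'rejected', reason: 'state mismatch' };
  }
  if (p.error) return { kind: 'error', error: p.error };
  return { kind: 'ok', params: p };
}

// Constructed sample fragments (values are made up).
const SAMPLES = [
  '#/?code=AAA111&id_token=hdr.body.sig&state=s-42',
  '#code=AAA111&id_token=hdr.body.sig&state=s-42',
  '#code=AAA111&id_token=hdr.body.sig&state=other',
  '#/dashboard',
];
for (const s of SAMPLES) console.log(s, '->', validateAuthResponse(s, 's-42').kind);
```

This only locates the parameters and checks `state`; the `id_token` still needs its signature, issuer, audience and nonce validated before it is trusted.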

As far as I know, the Reply Url configured on Azure AD is just used to validate the location.origin of the redirected url.

This redirected url can be configured by setting the redirectUri option in the adalAuthenticationServiceProvider.init method (as you're making an Angular app).

Back to your question: I have the same redirect url format, #id_token=..., without the ? character. But all is good for me because I can access all necessary values by accessing the adalAuthenticationService.userInfo object.

Check out here for more detailed info.

Hope it helps in your case.

Kunstlied answered 2/10, 2015 at 5:32 Comment(0)

What I did was to use HTML5 mode on the Angular side.

You can see how I configured ADAL and routing:

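// Runs inside the Angular module's config block, where $locationProvider,
// $httpProvider and adalAuthenticationServiceProvider are injected.

// HTML5 mode: routes live in the path, so the URL fragment is left free
// for the values AAD returns.
$locationProvider.html5Mode(true).hashPrefix("!");

// Maps an API URL prefix to the App ID URI of the resource protecting it.
var endpoints = {
    "/api": "https://app-id-uri"
};
adalAuthenticationServiceProvider.init(
    {
        clientId: "12345678-1234-1234-1234-123456789012", // client ID of the app registration
        endpoints: endpoints
    },
    $httpProvider
);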

On server-side it was then important to return the index page no matter what route was hit, since routing is done client-side. Now AAD returns the code in the fragment as usual and all routing works as well.

Skilled answered 9/1, 2017 at 18:9 Comment(0)
