So, you got an error with a code AADSTS50011? That’s ok – it’s just Azure AD’s authentication acting up because of invalid reply URLs! Since there might be a couple of different reasons for this error, this post also describes a couple of different solutions, that might help you overcome the issues.
So, you’re getting an error somewhat like this:
But why? Did you mess something up? Well, if you’re the person who configured the app you’re trying to use, you probably did! Although Microsoft might still be the one to blame for that.
Reason for getting AADSTS50011
This error can typically be caused by 2 different configuration issues. You’re either (1) accessing the page from a different address than what you’ve configured for your app, or (2) you have made a mistake in the configuration itself. In both of these cases, it’s typically fairly easy to fix the issue. You’ll probably want to just tweak the configuration – let’s see how!
Oh – and in case you’re an end-user, with no access to Azure AD 2.0 endpoint configuration (https://apps.dev.microsoft.com), and you’re getting this issue, you’re going to have to contact whoever in your organization handles this kind of stuff.
However, if you can edit these permissions yourself, see a couple of things you could check below!
Solution(s) to different “The reply address does not match the reply addresses configured” -errors
These instructions apply to Azure AD v2.0 endpoint – that’s the shiny, new endpoint, that a lot of new apps are using. It supports personal accounts (and not just organizational ones), requires just one App Id for multiple platforms, supports dynamic permissions and much more. See the full list of the perks here!
Anyway, about the fixes – I’ve got a few solutions you could try.
The simple solution: Make sure, that your URL is actually included in the configuration
This might be obvious, I admit, but worth mentioning. So, this is what to do:
- Browse to https://apps.dev.microsoft.com
- Log in using the account that the app was registered with
- Click on your app
- Check the “Redirect URLs” -section and verify, that the URL you’re accessing the app from really is listed there!
What if you already added the URL, but it’s still not working?
A couple of things to check:
- Is the app id (client id) the same? You’ll need to verify, that you’re actually working on the same app that you’re using on whatever page that throws the error.
- Check out this bug and the workaround:
To be updated, when new gotchas are found! 🙂
What if you now have this error code, but with error description “Reply address did not match because of case sensitivity.”?
This is kind of a new one. Another blog post coming out about this…
Latest posts by Antti K. Koskela (see all)
- Fastest way to verify your Client Id and Client Secret are valid with PowerShell - August 9, 2018
- How to get the user count for Azure AD Enterprise Application - August 1, 2018
- Solving “Tenant app deployment is only supported in the app catalog site. The current site is not the app catalog site.” error - July 31, 2018
- Solving “Sorry, your files couldn’t be uploaded. The upload might be too large or the server might be experiencing high network traffic.” in SharePoint - July 24, 2018