This article describes how to fix the "AADSTS500113: no-reply address is registered for the application" error. You typically get this error, when your app is trying to authenticate your users against Azure Active Directory.
I have been posting about different versions of the Azure Active Directory authentication errors (different errors with AADSTS -codes) a lot - I'll need to find a better way to categorize them in the future. But, for now, onto the issue!
Problem
Table of Contents
Table of Contents
Another day, another app, another address-related authentication issue replied in Azure AD. This one (for once) should be simple.
When you're loading your app, that's authenticating against Azure AD, most likely in a web browser or another online client, you'll be redirected to a Microsoft Online login page with the following error:
AADSTS500113: no reply address is registered for the application
This error code is kind of peculiar. It's not listed on Microsoft's long list of AADSTS-error codes... Perhaps, because it seems to be a variant of AADSTS50011, which itself has a number of different error messages. These error messages describe different issues with reply URLs - just like this particular error code. I don't know why, but apparently, Microsoft thought that the misconfiguration (not to have reply URLs at all!) deserves a custom error code! It basically looks like "error code AADSTS50011, variant 3" - this just makes me wonder what happened to variants 0, 1, and 2...
Okay, but on to the resolution of the issue. What to do?
The solution to error AADSTS500113
Okay, so you need to add a reply URL (also called "Redirect URL" or "Redirect URI"). Let's go through the steps to do it in Azure Active Directory:
Time needed: 5 minutes.
How to verify that your reply URL is included in the Redirect URIs of your app?
Browse to https://aad.portal.azure.com
First, you'll need to navigate to Azure Active Directory Portal (https://aad.portal.azure.com)
Log in using your Office 365 / Cloud App Administrator account
You'll need to log in using either a Global Administrator, Cloud App Administrator account (or an account that's an owner of the app you want to modify!)
Navigate to "App registrations"
You should see "App Registrations" in the left hand side navigation.
App Registrations under Azure Active DirectoryFind your app under "Owned applications" or "All applications"
You'll see a list of your applications by default, but if you're not the owner, you can browse all applications by clicking "All applications"
Select "Manage" -> "Authentication"
Under "Manage" you'll find "Authentication". Click it.
Check the "Redirect URIs" -section. Verify, that the URL you're accessing the app from really is listed there!
When accessing the Authentication settings under your app registration, you should add the URLs you expect your app to be called from - like in the screenshot below:
"Redirect URIs" -section in Azure Active Directory's app registration view.
Note: A comparable article - also including an important and interesting hack that you need to try in case the abovementioned trick doesn't work - is linked below. If this article doesn't solve your issue, see this article instead: How to fix “AADSTS50011: The reply address does not match the reply addresses configured” -error
Hope it helps!
References
- Microsoft has an unfinished list of Azure Active Directory error codes - useful, even if not perfect: https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes
Comments
- I have used "adal-angular": "1.0.18" and have successfully received the token for completing Single Sign On.
- However when trying to use the same to get the token for Microsoft Graph Resources there are some errors.
- Link to the raised queries :
https://stackoverflow.com/questions/69493398/get-the-microsoft-graph-token-with-adal-angular-package-adal-js-authentication-c