Specifying a custom redirect URI in the PublicClientApplication #574

Closed
ADNewsom09 opened this issue Jun 9, 2023 · 5 comments · May be fixed by #593

@ADNewsom09

Describe the bug
Unable to specify a redirectURI in the form http://localhost:1234/MyApp when creating a PublicClientApplication or using that with acquire_token_interactive

To Reproduce
Steps to reproduce the behavior:

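```python
import msal
import app_config  # reporter's own settings module (TENANT_ID, APP_ID, SCOPES)

authUrl = 'https://login.microsoftonline.com/' + app_config.TENANT_ID
app = msal.PublicClientApplication(app_config.APP_ID, authority=authUrl)
token = app.acquire_token_interactive(scopes=app_config.SCOPES)
```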

Expected behavior
Using other packages like the C# one, we have been able to access this API.

What you see instead
AADSTS50011: The redirect URI 'http://localhost:49686' specified in the request does not match the redirect URIs configured for the application

The MSAL Python version you are using
1.22.0

Additional context
We cannot change the redirect URI on the application because there is another application type that uses the bare localhost, and other connecting applications expect the http://localhost:1234/MyApp redirect URI. I see the docs say

> The port to be used to listen to an incoming auth response. By default we will use a system-allocated port. (The rest of the redirect_uri is hard coded as http://localhost.)

But that isn't the case with other packages.
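
Added example (not part of the issue thread, and not MSAL or Azure AD code): a minimal redirect URI matcher that follows the RFC 8252 section 7.3 rule of ignoring the port for loopback redirects while requiring everything else to match exactly, which shows why the request in this report is rejected. The function names, the treatment of `localhost` as loopback, and the treatment of an empty path as `/` are assumptions of this model.

```python
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}  # assumption: localhost counts as loopback
DEFAULT_PORTS = {"http": 80, "https": 443}


def _parts(uri):
    """Split a redirect URI into the components that are compared."""
    u = urlsplit(uri)
    scheme = u.scheme.lower()
    host = (u.hostname or "").lower()
    port = u.port or DEFAULT_PORTS.get(scheme)
    path = u.path or "/"  # model choice: "" and "/" are the same path
    return scheme, host, port, path, u.query


def redirect_uri_matches(registered, requested):
    """Return (ok, reason) for one registered URI against one requested URI."""
    if urlsplit(requested).fragment:
        return False, "fragment not allowed"
    r_scheme, r_host, r_port, r_path, r_query = _parts(registered)
    q_scheme, q_host, q_port, q_path, q_query = _parts(requested)
    if (r_scheme, r_host) != (q_scheme, q_host):
        return False, "scheme or host differs"
    # Loopback only: the port is whatever the OS gave the local listener.
    if r_host not in LOOPBACK_HOSTS and r_port != q_port:
        return False, "port differs"
    if r_path != q_path:
        return False, "path differs"
    if r_query != q_query:
        return False, "query differs"
    return True, "match"


def check(registered_uris, requested):
    """Return the first registered URI that matches, else None."""
    for reg in registered_uris:
        if redirect_uri_matches(reg, requested)[0]:
            return reg
    return None


if __name__ == "__main__":
    registered = ["http://localhost:1234/MyApp"]  # redirect URI named in the issue
    for req in ("http://localhost:49686", "http://localhost:49686/MyApp"):
        print(req, "->", check(registered, req))
```

In this model the system-allocated port is not what causes the mismatch; the missing `/MyApp` path is.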

@rayluo
Collaborator

rayluo commented Jun 10, 2023

> Additional context
> We cannot change the redirect URI on the application because there is another application type that uses the bare localhost, and other connecting applications expect the http://localhost:1234/MyApp redirect URI.

What "other application type" uses the bare localhost?

Note that there are different types (known as "platforms") of applications. Typically, one app (identified by its unique client_id) can target multiple platforms, such as a "Web" platform using redirect URI http://localhost:1234/path for development and https://example.com/path for production, together with a "Mobile and desktop application" platform using bare http://localhost. They will all work together. You shouldn't need to specify a different redirect URI for acquire_token_interactive().

@ADNewsom09
Author

The exact situation you are talking about, but in reverse.
For this application, there is an SPA platform target that uses bare http://localhost:1234 and a "Mobile and desktop application" platform target that uses http://localhost:1234/path. These are in production item with non-Python libraries which support changing the redirect URI to include those paths, which is why changing the SPA paths away from bare localhost would be an issue for existing users. We are trying to build a Python-based client for this application.

@rayluo
Collaborator

rayluo commented Jun 16, 2023

> there is an SPA platform target that uses bare http://localhost:1234 ... in production

Out of curiosity, why would an in-production SPA app use localhost as a redirect URI? Shouldn't localhost be only for development purposes, and shouldn't the production redirect URI contain https://YourCoolWebsite.com/...?

@ADNewsom09
Author

There is of course interesting historical reasoning for this for us. I'm advocating for feature parity with the MS auth library for C#, which does support these paths.

@rayluo
Collaborator

rayluo commented Sep 14, 2023

By any chance, is the website hosting your SPA app publicly accessible so that I can take a quick look?
