We are using AcquireTokenInteractive to connect to EWS 365 like this:

    // using Microsoft.Identity.Client 4.61.1
    var pca = PublicClientApplicationBuilder
        .CreateWithApplicationOptions(pcaOptions) // userId, tenantId
        .WithDefaultRedirectUri()
        .Build();
    ...
    var result = await pca.AcquireTokenInteractive(ewsScopes).ExecuteAsync();

This is more or less what the example code that you can find somewhere in Entra does.
We did this following this explanation: Authentication and EWS in Exchange.
This is working fine, we get the token and everything. However, the browser that was used to do the auth always does a redirect to some http://localhost:SOMEPORT that fails and thus shows an error message.
What is it that we are doing wrong here? We did not specify any redirect URIs in the portal, and if we omit the WithDefaultRedirectUri() we get an error
Microsoft.Identity.Client.MsalClientException: "Only loopback redirect uri is supported, but urn:ietf:wg:oauth:2.0:oob was found. Configure http://localhost or http://localhost:port both during app registration and when you create the PublicClientApplication object. See https://aka.ms/msal-net-os-browser for details"
or similar, depending on whether it's in a WPF app or a unit test.
Since all we care about is the token (which is working), that failed browser redirect will just confuse the user. How do we get rid of it?
2 Answers
Initially, I too got the same error when I removed the WithDefaultRedirectUri() line from the code while getting a token with the interactive flow:
To resolve the error, make sure to add http://localhost as a redirect URI in the "Mobile and desktop applications" platform when using the interactive flow for token generation:
In my case, I ran the modified code below in a .NET 8 console app, including the redirect URI, and got the login screen to pick an account:
Pick an account:
Once the authentication is successful, the user will be redirected to this page in the browser:
When I checked the console output now, I got the access token successfully, like this:
To confirm that, I decoded the access token on the jwt.ms website, where it has aud and scp claims as below:
Reference:
Default reply URI – Microsoft Authentication Library for .NET | Microsoft
We were able to fix the problem.
Solution:
Include current packages:
Microsoft.Identity.Client Version="4.61.1"
Microsoft.Identity.Client.Broker Version="4.61.1"
Configure the redirect URI as "http://localhost"
Use this code:
This code needs a window handle, here retrieved from Application.Current.MainWindow. You may use your own window.
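
The steps in the answer above (broker package, http://localhost redirect URI, a window handle) put together as an added example; this is not the answerer's code. The EwsTokenProvider class, the ClientId and TenantId placeholders and the EWS scope value are assumptions, and the app is assumed to be WPF on Windows.

```csharp
// Added example, not code from the original answers.
using System;
using System.Linq;
using System.Threading.Tasks;
using System.Windows;
using System.Windows.Interop;
using Microsoft.Identity.Client;
using Microsoft.Identity.Client.Broker;

public static class EwsTokenProvider // hypothetical helper name
{
    // Placeholders: substitute the values from your own app registration.
    private const string ClientId = "<application-client-id>";
    private const string TenantId = "<directory-tenant-id>";

    // Assumed delegated EWS scope; the question only calls it ewsScopes.
    private static readonly string[] EwsScopes =
        { "https://outlook.office365.com/EWS.AccessAsUser.All" };

    public static async Task<string> GetAccessTokenAsync(Window owner)
    {
        // Read the HWND on the UI thread; the broker parents its sign-in dialog to it.
        IntPtr hwnd = new WindowInteropHelper(owner).Handle;

        IPublicClientApplication pca = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithRedirectUri("http://localhost")
            .WithParentActivityOrWindow(() => hwnd)
            .WithBroker(new BrokerOptions(BrokerOptions.OperatingSystems.Windows))
            .Build();

        // Try the cache first so the user is prompted only when required.
        IAccount account = (await pca.GetAccountsAsync()).FirstOrDefault();
        try
        {
            AuthenticationResult silent =
                await pca.AcquireTokenSilent(EwsScopes, account).ExecuteAsync();
            return silent.AccessToken;
        }
        catch (MsalUiRequiredException)
        {
            // No usable cached token (or no account): show the sign-in dialog.
            AuthenticationResult interactive =
                await pca.AcquireTokenInteractive(EwsScopes).ExecuteAsync();
            return interactive.AccessToken;
        }
    }
}
```

From a WPF window this would be called as `await EwsTokenProvider.GetAccessTokenAsync(Application.Current.MainWindow)`; the returned access token should be kept in memory only and not written to logs.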