Seeking Clarity on Redirect URI Configuration #283

Open
tomgoto opened this issue Jan 28, 2025 · 2 comments

tomgoto commented Jan 28, 2025

Hello, I would like to clarify whether I am configuring the redirect URI incorrectly or if this is expected behavior.

I followed the documentation and installed the SharePoint SSO Component on SharePoint Online. This setup successfully added a chatbot launch button to the bottom of every page on the SPO site.

However, when I press the button, it gets stuck in an access loop. Checking the browser's Developer Tools, I found the following error:

Request Id: c30fc620-389b-4dbf-8490-8950b4592900  
Correlation Id: a78e93db-7cf0-4723-852f-e8d76791edef  
Timestamp: 2025-01-28T14:07:48Z  
Message: AADSTS50011: The redirect URI 'https://<tenant>.sharepoint.com/sites/ai-tech/SitePages/CollabHome.aspx' specified in
 the request does not match the redirect URIs configured for the application '4c8407d8-c062-476f-9d24-4e85a5dd9xxx'. 
Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. 
Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

When I registered the full page URI as a redirect URI in the canvas app under "Single-page application," the chatbot screen displayed correctly (although it still prompts for a login token, so there are remaining issues).

Do I need to register each SPO page (.aspx) that might be an access source as a redirect URI?

tomgoto commented Jan 28, 2025

  • According to the documentation, both the site URL with and without a trailing slash need to be registered.
  • Based on this issue, it seems that FULL URIs, including SPO pages, are being added.
  • Since redirect URIs are absolute, does this mean FULL URIs, including SPO pages, are indeed required?

johnnliu commented Feb 10, 2025

In MSALWrapper the msalConfig takes an optional redirectUri.

constructor(clientId: string, authority: string, redirectUri: string) {
  this.msalConfig = {
    auth: {
      clientId: clientId,
      authority: authority,
      redirectUri: redirectUri
    },
    cache: {
      cacheLocation: "localStorage",
    },
  };
  this.msalInstance = new PublicClientApplication(this.msalConfig);
}

By default, redirectUri in MSAL takes the current browser's location - which can be any page in your site, since the customizer is in the footer for the entire site. App Registration also doesn't allow wildcard redirect URIs.

In my case, I override mine with an additional webpart config. But you can hardcode it to a specific URI.

https://<tenant>.sharepoint.com/sites/ai-tech/

and just don't bother with registering other URIs. I think this is a better approach.
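
Added example (not part of the thread and not the project's code): one way to pin the redirect URI to the site root regardless of which page the footer customizer runs on, and to fail early if that URI is not registered. The function names, the `contoso` tenant and the registered list are constructed for illustration; the sketch also covers `/teams/` sites and the root site, which goes beyond the single case in the thread.

```typescript
// Constructed sample values: "contoso" tenant and the two site-root entries
// (with and without trailing slash) that the thread says get registered.
const REGISTERED_REDIRECT_URIS: string[] = [
  "https://contoso.sharepoint.com/sites/ai-tech",
  "https://contoso.sharepoint.com/sites/ai-tech/",
];

interface AuthConfig {
  clientId: string;
  authority: string;
  redirectUri: string;
}

// Map any page URL to its site root, dropping page path, query and fragment.
// Handles /sites/<name> and /teams/<name>; anything else maps to the root site.
function siteRootRedirectUri(pageUrl: string): string {
  const url = new URL(pageUrl);
  if (url.protocol !== "https:") {
    throw new Error("Redirect URI must use https: " + pageUrl);
  }
  const match = /^\/(sites|teams)\/[^/]+/i.exec(url.pathname);
  return url.origin + (match ? match[0] : "") + "/";
}

// Assumption: the comparison is an exact string match (no prefix or wildcard),
// consistent with the AADSTS50011 error quoted in the issue.
function isRegistered(redirectUri: string, registered: string[]): boolean {
  return registered.indexOf(redirectUri) !== -1;
}

// Build the auth section handed to the MSAL config, failing fast at startup
// instead of looping at sign-in when the URI is not registered.
function buildAuthConfig(
  clientId: string,
  authority: string,
  currentPageUrl: string,
  registered: string[] = REGISTERED_REDIRECT_URIS
): AuthConfig {
  const redirectUri = siteRootRedirectUri(currentPageUrl);
  if (!isRegistered(redirectUri, registered)) {
    throw new Error("Redirect URI not in app registration: " + redirectUri);
  }
  return { clientId, authority, redirectUri };
}
```

In the customizer, `currentPageUrl` would be `window.location.href`, and the returned object would be used as the `auth` section of the config shown in the constructor above.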
