I don’t know if anything has changed recently, but after following the guide on integrating ms office AAD auth to erpnext, I am getting AADSTS90102: ‘redirect_uri’ value must be a valid absolute URI.
I even gave all 3 forms of email access as suggested in this discussion:
I tried a lot of things, but still haven’t been able to fix this issue. One reason I think could be happening is the redirect URI being sent from the side of erpnext is not https and also for some reason the http word gets repeated twice in the url. Also the baseurl (office.prishapolicy.com) isn’t even mentioned in the redirect URI. Here you can see the redirect uri encoded in the flow:
https://login.microsoftonline.com/common/oauth2/authorize?redirect_uri=http%3A%2F%2F%27http%3A%2Fapi%2Fmethod%2Ffrappe.integrations.oauth2_logins.login_via_office365&state=eyJzaXRlIjogImh0dHA6Ly8naHR0cDovL2xvY2FsaG9zdCciLCAidG9rZW4iOiAiNDNmZGRmODI2Y2IwZTU1NDkyMTlmOTdiNmY3MzQ0ZmY2NjI0MzEzOWMxMDY2YTJkMjE5OTBmYjkiLCAicmVkaXJlY3RfdG8iOiBudWxsfQ%3D%3D&response_type=code&scope=openid&client_id=11410b3b-3aa9-40f2-a58a-2e400b0f1147
The redirect uri should be something like this:
https%3A%2F%2Foffice.prishapolicy.com%2Fapi%2Fmethod%2Ffrappe.integrations.oauth2_logins.login_via_office365
Any help would be appreciated
Quoting from azure docs : * Redirect URIs must begin with the scheme https . There are some exceptions for localhost redirect URIs.
Taken from : Redirect URI (reply URL) restrictions - Microsoft Entra | Microsoft Learn
This is the tutorial I followed, but all the video tutorials here are broken and the screenshots are also a bit outdated How To Enable Social Logins
Google also has the same issue
I finally kind of solved this by changing the site configurations of the erp installation.
Disclosure : I am an absolute beginner in ERPNext and this install has been hosted on azure using a bitnami installer, so your file structure and overall system might vary slightly.
But these are my two main config files which were used to fix the auth flow.
Site config:
Here is the key and value that I changed
“host_name”: “https://office.prishapolicy.com”
Also in the Common site config :
Notice that i changed webserver_port from the default value of 8000 to an empty string. I don’t know if doing this was entirely safe but this was the only way to make the redirect_uri not mention the port number, I got the idea to do this from Google Settings Error: redirect_uri_mismatch and Configuration
I hope this helps someone who is stuck with this.
2 Likes
Yes, that worked. The key is the “host_name”: “https://office.prishapolicy.com" setting, other wise the local DNS setting is used, which in shared environments is not necessary the same as the registered domain!
