$_ cmd

← decode · jargon mode

ERROR AADSTS

AADSTS900971

App registration is missing a redirect URI

in plain english

The OAuth/OIDC flow needs to know where to send the user back after authentication. The app didn't send a redirect_uri in the request and there isn't a default one configured on the app registration. App-reg config error, not a user error.

most likely causes

  • App registration has zero redirect URIs configured for the platform being used (Web / SPA / Mobile)
  • The auth library didn't include redirect_uri in the request and there's no default registered
  • Redirect URI was registered on the wrong platform tab (e.g. SPA URI registered under Web)
  • Note: a redirect_uri value that doesn't MATCH a registered URI surfaces as AADSTS50011, not 900971

fix path

  1. Entra portal → Identity → App registrations → <app> → Authentication → add the platform (Web / SPA / Mobile) and the redirect URI
  2. Confirm the URI matches EXACTLY what the app sends (including https vs http, trailing slash, port number)
  3. For SPA apps using MSAL.js: the URI must be on the Single-page application platform, NOT Web
  4. Check the app's code/config for the redirect_uri value — that's the literal string Entra expects to find on the registration

seen in

Custom app first run · App registration setup · Postman or local development against Entra

microsoft learn docs →

related

verified