AADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions for ‘AAD Graph’ in the requested permissions in the client’s application registration.

Let’s get started… You are getting the following similar message… AADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions for ‘AAD Graph’ in the requested permissions in the client’s application registration. Or, The admin has not consented in the tenant. Or, Check the application identifier in the request to ensure it matches the configured client application identifier. Please contact your…

Read More

How to acquire bearer token non-interactively with a federated user

You are looking for a way to acquire an access token from Azure Active Directory without user interaction. We highly recommended to always use an interactive user sign-in experience as this is the most secured method. Especially when your organization has conditional access policies which require Multi-Factor Authentication. If at all possible, please use the methods for interactive sign-in. Here are some general guidance on how to non-interactively acquire a…

Read More

Troubleshooting Asp.Net OWIN and Asp.Net Core Authentication sign-in failures with Azure Active Directory

Let get started! This article assumes you are using your own code to perform the authentication to Azure Active Directory. IMPORTANT: So if your using Azure App Services or Azure Function Apps Authentication/Authorization feature, this article is not for you. You are developing a Asp.Net OWIN or Asp.Net Core Authentication web application and integrating it with Azure Active Directory. You run into some issues during the sign-in process with no…

Read More

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application

Last Updated: August 23 2019 Let’s get started… When your developing or integrating an application with Azure AD, you might see the following similar error… AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: ‘XXX’. This is because the redirect_uri (when using OpenID Connect) or AssertionConsumerServiceUrl (when using SAML2) being passed to Azure Active Directory to sign-in, does not exist in…

Read More

Using “groups” claim in Azure Active Directory

Lets get Started! To enable the return of groups in a claim, there are two ways… Use the application registration manifest by enabling the groupMembershipClaims property… https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest or if it’s a SAML application, you can enable it though the SSO configuration. The steps on enabling groups claim is outlined in the following article… https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims Once enabled, groups will now be returned in the “groups” claim within a access token or…

Read More