Last Updated: August 23 2019

Let’s get started…

When your developing or integrating an application with Azure AD, you might see the following similar error…

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: ‘XXX’.

This is because the redirect_uri (when using OpenID Connect) or AssertionConsumerServiceUrl (when using SAML2) being passed to Azure Active Directory to sign-in, does not exist in the application registration.

For example, if using OpenID Connect, your authentication request might look something like this…

If you are signing in using a browser, you can also see this sign-in request in the browsers address bar on the error screen.

So, we are going to check if is a reply address in the application registration for 99f00653-5600-45d1-aa19-57a297ad0a58

We got the error because is not added as a reply address in the application registration.

For SAML authentication, The sign-in request might look something like this…

The SAMLRequest is going to look like a long value of random characters. We call this a Base64 encoded string that is SAML enflated. So to ‘deflate’ this in order to read the contents of the SAMLRequest, you can use the TextWizard in Fiddler or use a tool like the one below…

Once the SAMLRequest is deflated, it will look something like this…

Version="2.0" IssueInstant="2013-03-18T03:28:54.1839884Z"
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion"></Issuer>
<NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>

The Assertion Consumer Service (ACS) within the SAMLRequest resembles the reply address.

So, we are going to check if ‘‘ is a reply address in the application registration for the application ‘’ which is identified by the apps ‘Identifier (Entity ID)’ in Azure Active Directory.

So what’s the solution?

So, to resolve this, you guessed it, ensure the redirect URI or Assertion Consumer Service URL is added to the application registration.

To do this…

  1. Sign into the Azure portal @
  2. Go to Azure Active Directory.
  3. Go to Application registrations.
  4. Find your app.
  5. Go to Authentication under Manage.
  6. Review your registered Redirect Uri(s).

How to determine what reply address is being used…

If you’re not sure how to collect this information, we generally like to use a HTTPS capturing tool like Fiddler (Available for Windows, macOS, and Linux).

To learn more about how you can use Fiddler, see the following article…

You can look at the details of your request to Azure AD. Use the following article as a guide…

5 2 votes
Article Rating
Notify of

Newest Most Voted
Inline Feedbacks
View all comments
September 24, 2019 11:10 am


Thanks for the detailed post.

even though i have registered the redirect url in the app in azure and added same url in the redirect uri in the oauth url, i was getting same exception while fetching authorization code.

this is the exception log

AADSTS500112: The reply address ‘http://testUrl’ does not match the reply address ‘https://testUrl’

only difference i see in the above exception is the http and https.

i don’t know how it came as http, because i have added both urls as https.

i was using msal java library to integrate with azure

June 11, 2020 12:10 pm

Hi I am still getting the error AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application:
I have added the redirect URl to my localhost

Monika Thakkar
Monika Thakkar
February 23, 2021 5:04 pm


I am using this for mobile application and I am getting this error :AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the applicatio.

Can you please suggest what should be redirect url for expo react-native mobile app?

Bac Hoang [MSFT]
February 25, 2021 12:11 am
Reply to  Monika Thakkar

You probably want to capture a Fiddler trace of your mobile app to see what redirect URL was used in the request and then configure that URL in the Application Registration portal