To automate our build process, i was looking for a possibility to change the "Reply URL" of an existing Active Directory application via a Powershell script.
The official documentation just describes a way, how to change it with help of the web portal.
There is already a Github issue about this topic. But maybe someone faced a similar problem in the past and solved it?
To set your reply URL in Azure:Select Azure Active Directory | App Registration, then select your app. Select Add a Redirect URI. Enter your reply URL in the Redirect URI field. Select Save.
1st way: Click Switch tenant option. 2nd way: Click on the user id on the top right side, and choose Switch directory. In the switch tenant Select the Azure AD tenant and click switch, when you select it from Directory + subscription wizard double click the directory to choose it.
A redirect URI, or reply URL, is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.
With the Active Directory Powershell Module this is even simpler. You first need to install the module, like this:
Install-Module -Name AzureAD
Then you need to log in to Azure AD. This can be done interactively, if you are on a desktop, with Connect-AzureAD
, which will show a popup asking you to log in. If you are e.g. in a CI environment, you can use a Service Principal to authenticate.
When authenticated, the following will do the job (remember to change the Azure AD App ID (which is the one you typically get in the error message from MS Saying that Reply URL <bladibla> is not valid for application <guid>
and the reply URL:
$appId = "9e5675c3-7cd5-47c1-9d21-72204cd1fe2f" #Remember to change
$newReplyUrl = "https://mywebapp.azurewebsites.net/SignIn/"; #Remember to change
# Get Azure AD App
$app = Get-AzureADApplication -Filter "AppId eq '$($appId)'"
$replyUrls = $app.ReplyUrls;
# Add Reply URL if not already in the list
if ($replyUrls -NotContains $newReplyUrl) {
$replyUrls.Add($newReplyUrl)
Set-AzureADApplication -ObjectId $app.ObjectId -ReplyUrls $replyUrls
}
As an alternative, you can put the following script in a console application and then call this program from your Powershell script.
First of all, include the nuget package Microsoft.Azure.ActiveDirectory.GraphClient
.
//First, log in into Azure:
Uri servicePointUri = new Uri("https://graph.windows.net");
Uri serviceRoot = new Uri(servicePointUri, "YourTenantId");
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
async () => await AcquireTokenAsyncForUser("YourTenant.onmicrosoft.com", "ClientIdForThisApplication"));
//A popup will now be shown to you, requiring you to log in into the AAD.
//Find your application
var existingApp = activeDirectoryClient.Applications.Where(s => s.DisplayName == "NameOfYourApplication").Take(1).ExecuteAsync().Result;
if (existingApp != null && existingApp.CurrentPage != null && existingApp.CurrentPage.Count == 1)
{
//Application found
var app = existingApp.CurrentPage.First();
//Change the Reply Url
app.ReplyUrls.Clear();
app.ReplyUrls.Add("http://YourNewReplyUrl/");
app.UpdateAsync().Wait();
}
A bit more details about the things you will need to change:
YourTenantId
, this is the GUID that's used to identify your azure active directory (AAD).YourTenant.onmicrosoft.com
, basicly this is the name of your AAD followed by ".onmicrosoft.com".ClientIdForThisApplication
, you will have to add the above console application in your AAD under applications manually. (as a Native Client Application). In the Configure tab, you will find the Client ID for this application. This only needs to be done once, you can keep using this application (and its Client Id) for all your builds.NameOfYourApplication
, name of the application you wish to change, as it is known in your AAD.http://YourNewReplyUrl/
, your new reply url.(Small disclosure, I've scrapped the above code together from my existing code, I think I've copied all what's required, but I haven't tested the above result.)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With