Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
MalaSun
Frequent Visitor

Redirect URI Mismatch (AADSTS50011) in Power BI Embedded App with MSAL Python

‎06-28-2025 09:50 AM

Hi Community,

I'm trying to embed a Power BI report in my local Python Flask web app using MSAL interactive login. But I keep hitting this error:

AADSTS50011: The redirect URI 'http://localhost:5000/getAToken' specified in the request does not match the configured redirect URIs in Azure.

💻 Setup:

What works:

  • Service Principal flow using generate_embed_token.py works perfectly and gives the embed token and URL.

What I need help with:

How do I fix this redirect URI mismatch so I can test interactive login locally?

I’ve attached screenshots of Azure portal and error page.

Thanks in advance,
Mala Sun
stonerosetreasury.co.uk

Labels:
Message 1 of 12
1,117 Views
0
11 REPLIES 11
v-echaithra
Community Support
Community Support

‎07-13-2025 10:38 PM

Hi @MalaSun ,

We wanted to check whether the issue has been resolved with the help of our support team. If it has, we kindly ask you to share the solution here and mark it as the accepted answer so that other users can benefit as well.

If you still have any questions or need further assistance, please don’t hesitate to let us know. We’re more than happy to continue supporting you.

Thank you for your patience. We look forward to hearing from you.

Best regards,
Chaithra E.

Message 12 of 12
472 Views
0
v-echaithra
Community Support
Community Support

‎07-07-2025 04:44 AM

Hi @MalaSun ,

 

As we haven’t heard back from you, so just following up to our previous message. I'd like to confirm if you've successfully resolved this issue by raising a support ticket or if you need further help.

If yes, you are welcome to share your workaround or solution provided by the support and mark it as a solution so that other users can benefit as well. If you find a reply particularly helpful to you, you can also mark it as a solution.
If you still have any questions or need more support, please feel free to let us know. We are more than happy to continue to help you.

Thank you for your patience and look forward to hearing from you.
Best Regards,
Chaithra E.

Message 10 of 12
623 Views
0
MalaSun
Frequent Visitor
In response to v-echaithra

‎07-07-2025 09:41 AM

Hi Chaithra, 

Unfortunately, I still haven't heard back from the support team from Power BI Platform. I am going to give another go to chase them. I will share the solution here if I get the answer from the support team. 

 

Thank you, 

Best regards, 

Message 11 of 12
612 Views
0
v-echaithra
Community Support
Community Support

‎07-03-2025 03:08 AM

Hi @MalaSun ,

We wanted to kindly follow up to check if the solution provided for the issue worked? or Let us know if you need any further assistance?
If our response addressed, please mark it as Accept as solution and click Yes if you found it helpful.

 

Regards,
Chaithra.

Message 8 of 12
721 Views
0
MalaSun
Frequent Visitor
In response to v-echaithra

‎07-03-2025 02:28 PM

Hi Chaitra, 

Thank you for your kind message to follow up on my quesiton. Your informative answer, which proided detailed steps to look into potential areas which migh have caused the problems I am facing, unfortunately, it didn't fix the problem. I raised a ticket to the Power Platform support and still waiting for them to respond. 

 

Thank you again for your kindness! 

 

Best regards, 

Mala 

Message 9 of 12
708 Views
0
v-echaithra
Community Support
Community Support

‎06-30-2025 04:12 AM

Hi @MalaSun ,

Thank you for reaching out to Microsoft Community.

Based on your description I understand that you are encountering AADSTS50011 error when you try to authenticate users and generate Power BI embed tokens.
If the redirect URI the application sent doesn't match any of the redirect URIs in Microsoft Entra ID, error AADSTS50011 will be returned. If the values match, Microsoft Entra ID sends the user to the redirect URI.
Azure AD only allows redirects to URIs that are explicitly registered in the App Registration's redirect URIs list. When using Ngrok or switching from localhost to something else, the URI changes and needs to be registered.

Copy the application ID from the error message. or identify the redirect URI your app is using
Go to the Azure portal. Make sure you sign in to the portal by using an account that has permissions to update Microsoft Entra Application registration.
Navigate to Microsoft Entra ID, select App registrations, locate the application registration by using the application ID, and then open the app registration page.
On the app registration page, select Authentication. In the Platform configurations section, select Add URI to add the redirect URI displayed in the error message to Microsoft Entra ID.
Save the changes and wait three to five minutes for the changes to take effect, and then send the login request again.
If the redirect URI sent from the application isn't the desired one, you should update your application code or configuration.

If the redirect URI sent from the application isn't the desired one, you should update your application code or configuration.

How to fix the reply URL mismatch error in Entra ID - Microsoft Identity Platform

 

If our response addressed, please mark it as Accept as solution and click Yes if you found it helpful.

 

Regards,
Chaithra.

 

Message 7 of 12
936 Views
MalaSun
Frequent Visitor

‎06-28-2025 12:30 PM

Thank you. Do you recommend to use Ngrok to creae a secure public URL ? 

Message 6 of 12
1,062 Views
0
MalaSun
Frequent Visitor

‎06-28-2025 02:02 PM

  • I am using msal with acquire_token_interactive on Windows

  • Ngrok is tunneling to http://localhost:5000

  • You added the correct public Ngrok URL to Azure Redirect URIs

  • You forced Flask to run on port 5000

  • You’re seeing errors like:
    AADSTS50011: The redirect URI 'http://localhost:50896' does not match...

3. Mention these specifics:

  • Flask version

  • msal version

  • .env content for REDIRECT_URI (redacted sensitive keys)

  • Whether the redirect URI is being overwritten at runtime

Message 5 of 12
1,073 Views
0
MalaSun
Frequent Visitor

‎06-28-2025 02:06 PM

Hi everyone,

I'm building a Flask web app that uses the msal Python library to authenticate users and generate Power BI embed tokens using the Service Principal flow.

I'm trying to run the app locally and expose it using Ngrok, so the Azure App Registration can receive the correct redirect. However, I keep hitting this error:

rust
CopyEdit
AADSTS50011: The redirect URI 'http://localhost:50896' specified in the request does not match the redirect URIs configured for the application...

🧱 Project Setup:

⚙️ .env variables:

🧩 Code Snippets:

python
CopyEdit
REDIRECT_PATH = "/getAToken" REDIRECT_URI = os.getenv("REDIRECT_URI") app_msal = msal.PublicClientApplication( CLIENT_ID, authority=AUTHORITY ) result = app_msal.acquire_token_interactive( scopes=SCOPE, redirect_uri=REDIRECT_URI # <- using Ngrok public URL )

I also made sure my Flask app runs only on port 5000:

bash
CopyEdit

What I've already done:

  • Verified Ngrok is running and mapped correctly to port 5000.

  • Added the exact Ngrok redirect URI (with /getAToken) in Azure App Registration.

  • Exported the Ngrok URL to REDIRECT_URI in my .env file.

  • Confirmed the value is correctly loaded and passed to acquire_token_interactive().

  • I tried this multiple times and confirmed the mismatch message still mentions localhost, not the Ngrok URL.

My Question:

Why does acquire_token_interactive() still fall back to localhost despite my explicitly passed redirect_uri?

Has anyone successfully used msal.acquire_token_interactive() with Ngrok + Flask in a Power BI embedding scenario?

Any tips or workarounds would be hugely appreciated!

Thanks in advance 🙏

Let me know if you'd like me to help format it for GitHub (MSAL repo) too.

 
 
 
 
Message 4 of 12
1,073 Views
0
MalaSun
Frequent Visitor

‎06-29-2025 12:23 AM

I’m building a Flask + MSAL app to embed Power BI reports, using acquire_token_interactive(). I launch ngrok to tunnel localhost:5000, and configured Azure app registration with two redirect URIs:

My .env and code set:

REDIRECT_URI = os.getenv("REDIRECT_URI")
result = cca.acquire_token_interactive(
scopes=SCOPE,
redirect_uri=REDIRECT_URI,
port=5000
)

 

But I still get:

AADSTS50011: The redirect URI 'http://localhost:50896' specified in the request does not match

Context:

  • Flask version: X.Y.Z

  • msal version: X.Y.Z

  • CLIENT_ID, TENANT_ID, CLIENT_SECRET, WORKSPACE_ID, REPORT_ID, REDIRECT_URI set correctly in .env.

  • Flask runs app.run(host="localhost", port=5000)

What I’ve tried:

  • Registering both ngrok and localhost URIs in Azure

  • Using port=5000 explicitly in acquire_token_interactive()

  • Ensuring host is localhost, not 127.0.0.1

  • Restarting ngrok and app after changes

Still stuck with random port 50896 showing up in the error, even though port=5000 and hosts match.

Question:

  1. Why is MSAL overriding the port?

  2. How do I force MSAL to stick with the 5000 port?

  3. Are there additional Azure settings I need (e.g., implicit grant, logout URI)?

Message 3 of 12
1,066 Views
0
lbendlin
Super User
Super User

‎06-28-2025 11:05 AM

the Power BI service has no way to get to "localhost".  You need to redo your app registration and provide a valid URI that is accessible from the Power BI service.

Message 2 of 12
1,077 Views

Helpful resources

Announcements
Fabric July 2025 Monthly Update Carousel

Fabric Monthly Update - July 2025

Check out the July 2025 Fabric update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All