TL;DR

The Authorization callback URL in a GitHub OAuth App is case-sensitive.

Issue → Solution

Today I tested Azure AD B2C with GitHub as an Identity Provider. Microsoft has some excellent steps on how to do this. I followed these articles:

  1. Tutorial — Create an Azure Active Directory B2C tenant - Microsoft Learn
  2. Tutorial: Register a web application in Azure Active Directory B2C — Azure AD B2C - Microsoft Learn
  3. Tutorial — Create user flows and custom policies — Azure Active Directory B2C - Microsoft Learn
  4. Set up sign-up and sign-in with a GitHub account — Azure AD B2C - Microsoft Learn

Everything was very straightforward, until the moment I executed the “Run user flow” to test this example setup.

I was able to log in to my GitHub account, and when I got redirected to jwt.ms I had the following error:

AADB2C90273: An invalid response was received : 'Error: redirect_uri_mismatch,Error Description: The redirect_uri MUST match the registered callback URL for this application.,Error Uri: https://docs.github.com/apps/managing-oauth-apps/troubleshooting-authorization-request-errors/#redirect-uri-mismatch'
Correlation ID: 123456-4321-6789-9876-abcd12345678
Timestamp: 2023-02-10 14:16:22Z

The description is very clear and yet I had no misconfiguration after following the tutorials.

When I was almost at the point of giving up, I went back to my GitHub OAuth application settings. Here we have the config field Authorization callback URL, which is what the GitHub error response is referring to. This field is filled in with a value I copy/pasted from the Azure Portal, so I had no typos.

It was, however, a combination of uppercase and lowercase characters…

So as a last resort, I updated this value to all lowercase, and behold, problem solved!

https://MyTenantName.b2clogin.com/MyTenantName.onmicrosoft.com/oauth2/authresp
-->
https://mytenantname.b2clogin.com/mytenantname.onmicrosoft.com/oauth2/authresp

Hopefully, this can spare you some time.
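
A pre-flight check for the mismatch described above, as an added example that is not part of the original post: it compares the callback URL registered in the GitHub OAuth App with the redirect_uri byte for byte and reports when the two differ only in letter case. It assumes the redirect_uri sent during the flow is the all-lowercase form, as the fix above suggests; `b2c_callback` and `diagnose` are hypothetical helper names, and the exact-match comparison is a conservative check, not GitHub's own matching code.

```python
from urllib.parse import urlsplit


def b2c_callback(tenant: str) -> str:
    """Build the callback URL in the shape shown in this post, all lowercase."""
    t = tenant.lower()
    return f"https://{t}.b2clogin.com/{t}.onmicrosoft.com/oauth2/authresp"


def diagnose(registered: str, sent: str) -> dict:
    """Compare the registered callback URL with the redirect_uri, byte for byte.

    status is "match", "case_mismatch" (equal once case is ignored) or
    "mismatch"; case_only lists the URL components that differ only in case.
    """
    if registered == sent:
        return {"status": "match", "case_only": [], "suggested": registered}

    reg, snt = urlsplit(registered), urlsplit(sent)
    # netloc keeps the original casing (unlike .hostname, which lowercases).
    pairs = {
        "host": (reg.netloc, snt.netloc),
        "path": (reg.path, snt.path),
        "query": (reg.query, snt.query),
    }
    case_only = [
        name for name, (a, b) in pairs.items()
        if a != b and a.lower() == b.lower()
    ]
    status = "case_mismatch" if registered.lower() == sent.lower() else "mismatch"
    # The value to register is the one actually sent during the flow.
    return {"status": status, "case_only": case_only, "suggested": sent}


# Constructed sample: the mixed-case value copied from the portal in this post.
REGISTERED = (
    "https://MyTenantName.b2clogin.com/"
    "MyTenantName.onmicrosoft.com/oauth2/authresp"
)

if __name__ == "__main__":
    result = diagnose(REGISTERED, b2c_callback("MyTenantName"))
    print(result["status"], result["case_only"])
    print("register this value instead:", result["suggested"])
```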