Openflow openID Connect

Hi @Allan_Zimmermann , what is the redirect uri for app registration for openflow and what are the graph permissions required for it to integrate with Azure AD account?

Redirect url will be the ID of the provider you created
so for instance, I have used ms for hotmail
so the redirect url becomes ( remember the last / )

If you add using SAML ( that seem to be less error phrone ) you don’t need to add any permissions.
If you want to use open id connect, you need to add a few more permissions

Remember to use the correct endpoint ( open app registration and on overview click the “Endpoints” button )
They are doing a BAD job and showing when to use common , organizations , consumers endpoints so you may need to edit the url your self.

Hi @Allan_Zimmermann , i have applied the same, but the redirect uri error is coming.

Could you explain the what “remember the last” means in ( remember the last / ) and what value should i give in that place. also what should i give in metadataurl

it would be grateful if you could help me on this.

When you go under Authentication on the app registration and add Redirect URI, you must remember the / in the end.
I already explained how you find/generate the url to add. And i also explained where you find the metadata url in the azure portal

I feel this was never properly explained, but not sure what details is “missing”
Did you solve this or still need help ? and if you need help can you be specific in what you are having issues with ?

Hi @Allan_Zimmermann , i have properly mentioned the redirect url in the azure application, but still i am receiving improper url error


I am using http only

I am not sure if http is allowed. I know at one point they did allow using http when doman was localhost, but not sure if that is still the case.
But the error is also saying the url is not added to the application, not that it’s not allowed.
Does the guid you removed from the picture match the “consumerkey” field on the provider you added in openflow ?

( note that you cannot use the same metadataurl is me, since consumers is for windows live id’s, you should proberly use organizations together with your tenant id or common if you configured the application to allow access for any office365 tenant ) Check what the url’s are when you click “Endpoints” in the azure portal for the app


Yeah, the consumerkey is matching with the provider.
I thing the http is the problem.

Then double, double check you added http://localhost/mslogin/ to the app
Click the app
Click authentication
make sure it’s listed under Web - Redirect URL’s

I have given the same

now i am getting the following error

endless redirect loops are a pain to troubleshoot :-/
Sorry, I don’t know what is the most likely reason for this ( openflow redirect to microsoft due to the user not being signed in, microsoft send the user back with a token … So my best guess either microsoft is not sending the token as instructed ( as code in the query url ) or the secret is wrong )

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.