Azure AD redirect URI gets http instead of https

I have an ASP.NET Core project that requires Azure AD single sign-on, but I have an issue: my application keeps getting the redirect URI as http instead of https. I tried to add the following in Startup.

Old startup, which is causing http instead of https:

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
            // Add the possibility of acquiring a token to call a protected web API
            .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
            // Enables controllers and pages to get GraphServiceClient by dependency injection
            // And use an in memory token cache
            .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
            .AddInMemoryTokenCaches();

To solve the redirect URI issue, I changed the previous code as follows:

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(msIdentityOption =>
            {
                msIdentityOption.ClientId = Configuration["AzureAd:ClientId"];
                msIdentityOption.Scope.Add("user.read.all");

                
                msIdentityOption.Events.OnRedirectToIdentityProvider = context =>
                {
                    context.ProtocolMessage.RedirectUri = Configuration["RedirectUrl"];
                    return Task.CompletedTask;
                };

                msIdentityOption.Instance = Configuration["AzureAd:Instance"];
                msIdentityOption.TenantId = Configuration["AzureAd:TenantId"];
                msIdentityOption.ClientSecret = Configuration["AzureAd:clientSecret"];
            })
            // Add the possibility of acquiring a token to call a protected web API
            .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)

            // Enables controllers and pages to get GraphServiceClient by dependency injection
            // And use an in memory token cache
            .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
            .AddInMemoryTokenCaches();

This creates a loop of redirects between login.microsoftonline.com and my application, and I end up with a message on the Microsoft login page: "We couldn't sign you in". I checked my log and it was the following:

A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details.  Original exception: AADSTS500112: The reply address 'http://mysite/signin-oidc' does not match the reply address 'https://mysite/signin-oidc' provided when requesting Authorization code.

So is there any way to override the redirect URI to make it https?

Redirect URIs are set in the app registration pane of Azure Active Directory.

If you add "https://mysite/signin-oidc" in here, you must make sure that your ASP.NET Core application is also listening on "https://mysite/signin-oidc" for incoming requests to pick up the returned token(s).
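
One way to get an https redirect URI without overriding it in `OnRedirectToIdentityProvider`, assuming the application runs behind a reverse proxy or load balancer that terminates TLS and forwards plain HTTP (an assumption; the post does not describe the hosting setup). This is an added example, not code from the question or the answer; the class name, method names and the proxy address `10.0.0.10` are hypothetical.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper class; the names are illustrative only.
public static class ForwardedSchemeSetup
{
    // Call from Startup.ConfigureServices, before services.AddAuthentication(...).
    public static IServiceCollection AddForwardedScheme(this IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Honour X-Forwarded-Proto and X-Forwarded-For so that Request.Scheme
            // reflects what the browser used (https) rather than the
            // proxy-to-application hop (http). The OpenID Connect handler builds
            // the redirect URI from Request.Scheme, Host and the callback path.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // Trust these headers only when they come from the proxy itself.
            // If every sender were trusted, any client could set
            // X-Forwarded-Proto and influence the scheme the app believes it has.
            // 10.0.0.10 is a placeholder for the real proxy address.
            options.KnownProxies.Add(IPAddress.Parse("10.0.0.10"));
        });
        return services;
    }

    // Call at the top of Startup.Configure, before app.UseAuthentication(),
    // so the corrected scheme is in place when the sign-in challenge is issued
    // and when the authorization code is redeemed on /signin-oidc.
    public static IApplicationBuilder UseForwardedScheme(this IApplicationBuilder app)
    {
        return app.UseForwardedHeaders();
    }
}
```

With the scheme corrected at the request level, the same redirect URI is used when requesting the authorization code and when redeeming it, which is the mismatch AADSTS500112 reports.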
