New oAuth 2.0 authentication - return URL mismatch?

Yeah. That’s the one. I verified tests are now passing. I need to fix those release notes. They are autogenerated by the built-in Azure DevOps task and it’s all messed up for some reason.

Awesome! I’ll give it a go and update you :slight_smile:

Hi again @adam
Sadly, no dice.

Same 500 error on login, with and without -passthru.

Logfile size after first connection previously: 750ish KB
After nightly build: 690ish KB

Any ideas?
Do you want a copy of the logfile?

As stated earlier: the authorization policies fail. Example authorization policy:

$admin = New-UDAuthorizationPolicy -Name 'Admin' -Endpoint {
    param($User)

    $User.Identities.Name -match 'me@mydomain.com'

}

If I log the $User param within the auth policy, the correct data is passed to it.

I’m gonna put some more logging around this scenario and see if we can get a better error message.

Not sure why the auth policy is still running too frequently, but I’ll look into it again today and post a new build tonight.

Awesome! Hit me up if you need anything from my side :slight_smile:

I think I just reproduced this in the UA dashboard. I have a fix in for that and will release a nightly a bit early if you want to give it a shot. I’m trying to fix up the changelog for those releases too so it actually has info…

I’ll let you know when the release is up.

Awesome dude, thanks :slight_smile:

I didn’t get a chance to release this early as I ran into some other issues with the fix that I put in. I did eventually resolve those, so tonight’s nightly should be good to test.

Hi @adam
So I gave this a go, and it seems like it has improved; however, the auth policies are executed 9 times for each page load.
From what I understand, using “Get-UDAuthorizationPolicy” should retrieve cached auth policies if there are any, and not execute the script block within the auth policy unless the cached ones are outdated?

Another issue is… I cannot seem to get my auth policies validated, though the 500 error is gone :slight_smile:
I have however sorted my auth policies, as it seems using the “-match” operator doesn’t work anymore on $User.Identities.Name when using OAuth. Assuming a simple foreach on this would do, as OAuth returns two identical identities.

$stuff = @{
    Name  = "BoSen29"
    Name2 = "BoSen29"
}

# -match on a collection returns the matching elements (case-insensitive), so this outputs BoSen29 twice rather than $true
$stuff.Values -match "Bosen29"

# Probably a working example: iterate and return a single boolean
foreach ($stuffs in $stuff.Values) {
    if ($stuffs -match "BoSen29") {
        return $true
    }
}
return $false

I’ll test my ideas and report back!

$admin = New-UDAuthorizationPolicy -Name 'Admin' -Endpoint {
    param($User)
    $out = $false

    # OAuth hands back more than one identity, so check each name and collapse the result to one boolean
    foreach ($UserId in $User.Identities.Name) {
        if ($UserId -match "bosen29") {
            $out = $true
            LogAndConsole ($UserId + " success")
        }
        else {
            LogAndConsole ($UserId + " failed")
        }
    }
    return $out
}

This returns $true according to my logging function “LogAndConsole” (apologies for the non-verbalized function, 'twas a long time ago)

The auth policy is never taken into UD though.

This works like a charm in the regular AzureAD auth.

Smells like I need to register this as an issue on GitHub?
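The two posts above describe why `$User.Identities.Name -match '...'` stops working once OAuth supplies two identities. The following is an added example, not code from this thread or from Universal Dashboard itself: it shows the scalar-versus-collection behaviour of `-match` in plain PowerShell, and a policy body that returns a strict `[bool]` using an exact account-name comparison instead of a regex. The two-identity sample data is constructed to mirror the shape the poster reports; `Test-IdentityAllowed` is a helper name chosen here, and the final `New-UDAuthorizationPolicy` call assumes the UniversalDashboard module is imported.

```powershell
# Added example (not code from this thread or from Universal Dashboard).
# Demonstrates why a -match result is not a safe policy return value and
# how to return a strict [bool] from an exact account-name comparison.

function Test-IdentityAllowed {
    param(
        [string[]]$IdentityNames,   # the values of $User.Identities.Name
        [string[]]$AllowedNames     # the exact account names the policy permits
    )
    foreach ($name in @($IdentityNames)) {
        # -contains is an exact, case-insensitive equality test, not a regex test.
        # -match 'me@mydomain.com' would also accept 'me@mydomain.com.attacker.example',
        # and its unescaped '.' matches any character (e.g. 'me@mydomainXcom').
        if ($AllowedNames -contains $name) {
            return $true
        }
    }
    return $false   # a single [bool] in every case, never an array of matched strings
}

# -match behaves differently depending on the left-hand operand:
$oneIdentity   = 'BoSen29'                 # constructed: a single identity
$twoIdentities = @('BoSen29', 'BoSen29')   # constructed: OAuth returning two identical identities

$oneIdentity -match 'bosen29'              # scalar operand: the result is a [bool]
$twoIdentities -match 'bosen29'            # collection operand: the result is the matching elements
($twoIdentities -match 'bosen29') -is [bool]   # the collection case does not yield a [bool]

# The helper yields a boolean for both shapes and rejects look-alike names
Test-IdentityAllowed -IdentityNames $oneIdentity   -AllowedNames 'bosen29'
Test-IdentityAllowed -IdentityNames $twoIdentities -AllowedNames 'bosen29'
Test-IdentityAllowed -IdentityNames 'me@mydomain.com.attacker.example' -AllowedNames 'me@mydomain.com'

# The same check inside the policy shape used in this thread. The comparison is
# inlined so the endpoint script block does not depend on a function defined
# outside it (assumes the UniversalDashboard module is loaded).
$admin = New-UDAuthorizationPolicy -Name 'Admin' -Endpoint {
    param($User)
    $allowed = @('me@mydomain.com')
    foreach ($name in @($User.Identities.Name)) {
        if ($allowed -contains $name) { return $true }
    }
    return $false
}
```

The point of the exact comparison is twofold: the policy always returns a single boolean regardless of how many identities the provider attaches, and an attacker-controlled account whose name merely contains the allowed string as a substring cannot satisfy it.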

Ack. Ok. I’m looking at running the auth policies in a different way as the current way might be causing problems. It seems like there is a timing issue with the way I’m currently doing it.

I noticed that in my simple dashboard, the changes made to restrict the number of executions of the policies was fine but when you add a bunch more controls, it starts to run multiple times again. I’m seeing this in the UA dashboard. I’m also seeing it run auth policies on LOGOUT :cry:

That said, I’m hooking into the auth provider events so that they only run once and at the correct time. It’s a bit more work because each auth provider has a different set of events, but this is the more correct way to do it. I’m currently traveling for the holidays, so it probably won’t be a super quick turnaround here, but I’ll let you know when I have something working.

Please file an issue for now and we can use it as a place holder for this.

This sounds like a lot of work required…
On the bright side: oauth 2.0 is an open standard :slight_smile:

You enjoy your holidays, I’ve got enough projects to keep me busy during the holiday downtime.

Are there any other reply URLs? I have the below set in my app but I always get “URL specified does not match”.

I was able to figure it out. The URL of the Microsoft login page showed the reply URL. Since I am in dev and using allow login over HTTP, the reply address had to be HTTP as well.
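The reply above resolves the mismatch by making the scheme agree. The reason is that an OAuth 2.0 authorization server validates `redirect_uri` by simple string comparison (RFC 6749 §3.1.2 with RFC 3986 §6.2.1), so scheme, host, port and path must all match a registered reply URL exactly. The following is an added example, not code from this thread or from Universal Dashboard: a helper that reproduces that comparison locally so you can check the URL shown on the login page against what is registered before changing the app. The function name, the callback path and the port are placeholders chosen for the example.

```powershell
# Added example (not code from this thread or from Universal Dashboard).
# Approximates the exact redirect_uri comparison an authorization server
# performs: scheme, host, port and path must all agree with a registered URL.

function Test-ReplyUrlRegistered {
    param(
        [Parameter(Mandatory)][string]$RedirectUri,          # the redirect_uri the login page shows in its query string
        [Parameter(Mandatory)][string[]]$RegisteredReplyUrls # reply URLs configured on the app registration
    )
    $requested = [System.Uri]$RedirectUri
    foreach ($candidate in $RegisteredReplyUrls) {
        $registered = [System.Uri]$candidate
        $same = ($requested.Scheme -eq $registered.Scheme) -and   # http vs https is a mismatch
                ($requested.Host   -eq $registered.Host)   -and   # hosts compare case-insensitively
                ($requested.Port   -eq $registered.Port)   -and   # explicit and default ports are normalised by [System.Uri]
                ($requested.AbsolutePath -ceq $registered.AbsolutePath)  # path compares byte-for-byte
        if ($same) { return $true }
    }
    return $false
}

# Constructed values: the callback path and port are placeholders, not UD's real ones.
$registered = @('https://localhost:10001/signin-oauth')

Test-ReplyUrlRegistered -RedirectUri 'https://localhost:10001/signin-oauth'  -RegisteredReplyUrls $registered  # same scheme, host, port, path
Test-ReplyUrlRegistered -RedirectUri 'http://localhost:10001/signin-oauth'   -RegisteredReplyUrls $registered  # scheme differs (the case in the thread)
Test-ReplyUrlRegistered -RedirectUri 'https://localhost:10001/signin-oauth/' -RegisteredReplyUrls $registered  # trailing slash changes the path
```

Registering an `http://` reply URL is only acceptable for local development; the authorization code is returned in that redirect, so in any deployed environment the reply URL should stay `https://` and the dashboard should be served over TLS rather than relaxing the check.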
