What causes AADSTS50050?

Malformed or missing tenant identifier in the authority URL (e.g. typo in the GUID, or using 'common' where a specific tenant is required). Missing or incorrectly encoded required parameters (client_id, redirect_uri, response_type, scope) in the authorization request. Redirect URI in the request does not exactly match a redirect URI registered on the app in Entra ID (case, trailing slash, http vs https). Custom or outdated authentication library constructing a non-standard /.well-known/openid-configuration or /authorize URL. Power BI Gateway / on-prem connector configured with an invalid OAuth endpoint or proxy that rewrites the request

How do I fix AADSTS50050?

Capture the full request URL sent to login.microsoftonline.com (browser network tab or Fiddler) and inspect it for missing/empty query parameters and incorrect URL-encoding. Verify the authority: it must be https://login.microsoftonline.com/{tenant-id-or-domain}/ — replace 'common' with your tenant GUID or verified domain if the app is single-tenant. In the Entra admin center → App registrations → Authentication, confirm the redirect_uri in the request matches a registered URI exactly (protocol, host, port, path, casing). If using MSAL/ADAL or a custom library, upgrade to the latest MSAL version and rebuild the request — ADAL is deprecated and known to produce malformed discovery requests against newer endpoints. For Power BI / ADF / Fabric: re-sign-in the data source credentials or recreate the linked service so the gateway regenerates the OAuth request with current tenant metadata

Low severityauthentication

Power BI Error:
AADSTS50050

What does this error mean?

Entra ID (Azure AD) rejected the sign-in because the discovery/authorization request URL is malformed or missing required parameters.

Common causes

1Malformed or missing tenant identifier in the authority URL (e.g. typo in the GUID, or using 'common' where a specific tenant is required)
2Missing or incorrectly encoded required parameters (client_id, redirect_uri, response_type, scope) in the authorization request
3Redirect URI in the request does not exactly match a redirect URI registered on the app in Entra ID (case, trailing slash, http vs https)
4Custom or outdated authentication library constructing a non-standard /.well-known/openid-configuration or /authorize URL
5Power BI Gateway / on-prem connector configured with an invalid OAuth endpoint or proxy that rewrites the request

How to fix it

1Capture the full request URL sent to login.microsoftonline.com (browser network tab or Fiddler) and inspect it for missing/empty query parameters and incorrect URL-encoding
2Verify the authority: it must be https://login.microsoftonline.com/{tenant-id-or-domain}/ — replace 'common' with your tenant GUID or verified domain if the app is single-tenant
3In the Entra admin center → App registrations → Authentication, confirm the redirect_uri in the request matches a registered URI exactly (protocol, host, port, path, casing)
4If using MSAL/ADAL or a custom library, upgrade to the latest MSAL version and rebuild the request — ADAL is deprecated and known to produce malformed discovery requests against newer endpoints
5For Power BI / ADF / Fabric: re-sign-in the data source credentials or recreate the linked service so the gateway regenerates the OAuth request with current tenant metadata

Frequently asked questions

What does AADSTS50050 mean?

The request is malformed.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes