High severityauthentication
Power BI Error:
AADSTS70004, Redirect URI mismatch
What does this error mean?
The redirect_uri sent in the auth request doesn't match any redirect URI registered on the Entra ID (Azure AD) app registration.
Common causes
- 1The redirect_uri in the auth request is not registered on the app's Authentication blade in Entra ID (Azure AD)
- 2Scheme mismatch: app sends http:// while only https:// is registered (or vice versa for localhost)
- 3Trailing slash, casing, port or path difference between the request and the registered URI (matching is case-sensitive and exact)
- 4Redirect URI is registered under the wrong platform type (Web vs SPA vs Public client/native) for the flow being used
- 5Wrong app (client_id) used — the URI is registered on a different app registration in another tenant or environment
How to fix it
- 1Capture the exact redirect_uri value from the failing request (browser address bar at the moment of failure, or the `redirect_uri` query parameter in the /authorize URL) — copy it verbatim, including scheme, port, path and any trailing slash
- 2Open Entra ID (Azure AD) → App registrations → select the app matching the client_id in the request → Authentication, and compare the registered Redirect URIs against the captured value character-by-character
- 3Add the missing URI under the correct platform (Web for confidential clients/server-side, SPA for browser-based PKCE flows, Mobile/desktop for public clients) and Save
- 4If the URI is already there, fix the client side instead: align the redirect_uri parameter in your MSAL/ADAL/OIDC config with the registered value exactly (no env-substitution typos, no stale localhost port)
- 5Re-test in a fresh incognito session to bypass cached tokens; if the app is multi-tenant, verify the redirect URI is registered on the home tenant's app registration, not a consented copy