What causes AADSTS900971?

The client application builds the /authorize or /token URL without including the redirect_uri query parameter. An MSAL/ADAL configuration where RedirectUri is null, empty, or overwritten to an empty string before the request is signed. The app registration in Microsoft Entra ID (Azure AD) has no Redirect URIs configured under Authentication, so the SDK has nothing to send. A custom or in-house OAuth client (Postman collection, PowerShell script, embedded webview) wired up without a redirect_uri value. A reverse proxy, SSO gateway, or API Management policy rewrites the auth request and strips redirect_uri from the query string

How do I fix AADSTS900971?

Capture the failing /authorize request (browser network tab, Fiddler, or HAR) and verify that redirect_uri is genuinely absent — if it's present but mismatched you'd see AADSTS50011 instead, so confirm this really is the 'missing' case. In the Azure portal go to Microsoft Entra ID → App registrations → your app → Authentication, pick the correct platform (Web, SPA, or Public client/native) and add a Redirect URI matching the one your client will send. In your client code or MSAL/ADAL config set the RedirectUri / redirectUri property explicitly to one of the URIs registered in step 2 — it must match exactly, including scheme, host, port, and trailing slash. For Power BI Embedded, custom connectors, or service principal flows, confirm the platform type matches the OAuth flow (Public client for device code, Web for confidential client with code flow) — the wrong platform causes redirect_uri to be silently dropped. If a reverse proxy, APIM policy, or SSO gateway sits in front of login.microsoftonline.com, inspect its rewrite rules and ensure redirect_uri is preserved on the outbound request, then re-run the sign-in to confirm the parameter now reaches Entra ID

Low severityauthentication

Power BI Error:
AADSTS900971

What does this error mean?

The authorization request to Microsoft Entra ID (Azure AD) was sent without a redirect_uri parameter.

Common causes

1The client application builds the /authorize or /token URL without including the redirect_uri query parameter
2An MSAL/ADAL configuration where RedirectUri is null, empty, or overwritten to an empty string before the request is signed
3The app registration in Microsoft Entra ID (Azure AD) has no Redirect URIs configured under Authentication, so the SDK has nothing to send
4A custom or in-house OAuth client (Postman collection, PowerShell script, embedded webview) wired up without a redirect_uri value
5A reverse proxy, SSO gateway, or API Management policy rewrites the auth request and strips redirect_uri from the query string

How to fix it

1Capture the failing /authorize request (browser network tab, Fiddler, or HAR) and verify that redirect_uri is genuinely absent — if it's present but mismatched you'd see AADSTS50011 instead, so confirm this really is the 'missing' case
2In the Azure portal go to Microsoft Entra ID → App registrations → your app → Authentication, pick the correct platform (Web, SPA, or Public client/native) and add a Redirect URI matching the one your client will send
3In your client code or MSAL/ADAL config set the RedirectUri / redirectUri property explicitly to one of the URIs registered in step 2 — it must match exactly, including scheme, host, port, and trailing slash
4For Power BI Embedded, custom connectors, or service principal flows, confirm the platform type matches the OAuth flow (Public client for device code, Web for confidential client with code flow) — the wrong platform causes redirect_uri to be silently dropped
5If a reverse proxy, APIM policy, or SSO gateway sits in front of login.microsoftonline.com, inspect its rewrite rules and ensure redirect_uri is preserved on the outbound request, then re-run the sign-in to confirm the parameter now reaches Entra ID

Frequently asked questions

What does AADSTS900971 mean?

No reply address provided.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes