AADST90013: Invalid input received from the user

[jpcapone]

When I attempt to run ManagedDevices_Get.ps1 I get the error listed in the title. Any suggestions would be appreciated!

[bezik46]

You need to read the section & follow it

# Using this authentication method requires a clientID.  Register a new app in the Entra ID admin center to obtain a clientID.  More information
# on app registration and clientID is available here: https://learn.microsoft.com/entra/identity-platform/quickstart-register-app ```

[bezik46]

And as to required permissions, it is anybody guess

https://learn.microsoft.com/en-us/graph/permissions-reference#delegated-permissions-35.

The whole lot is so confusing! & badly documented

I am using app with these permissions (probably only delegated are needed)

Microsoft Graph (24)

AuditLog.Read.All
Application

BitlockerKey.Read.All
Delegated

BitlockerKey.ReadBasic.All
Delegated

Device.Read.All
Delegated

Device.Read.All
Application

DeviceManagementConfiguration.Read.All
Delegated

DeviceManagementConfiguration.Read.All
Application

DeviceManagementConfiguration.ReadWrite.All
Delegated

DeviceManagementConfiguration.ReadWrite.All
Application

DeviceManagementManagedDevices.Read.All
Delegated

DeviceManagementManagedDevices.Read.All
Application

DeviceManagementManagedDevices.ReadWrite.All
Delegated

DeviceManagementManagedDevices.ReadWrite.All
Application

Directory.Read.All
Delegated

Directory.Read.All
Application

Directory.ReadWrite.All
Delegated

Directory.ReadWrite.All
Application

Group.Read.All
Delegated

Group.Read.All
Application

Organization.Read.All
Delegated

Organization.Read.All
Application

User.Read
Delegated

User.Read.All
Delegated

User.Read.All
Application```

[jpcapone]

I resolved this error AADSTS500113: No reply address is registered for the application. with a redirect urlhttp://localhost now i get Authorization Access Token is null, please re-run authentication.
Any suggestions?

[jcousineaugd]

You need to read the section & follow it

# Using this authentication method requires a clientID.  Register a new app in the Entra ID admin center to obtain a clientID.  More information
# on app registration and clientID is available here: https://learn.microsoft.com/entra/identity-platform/quickstart-register-app ```

Can you please elaborate on the steps you think we're missing? We are also getting the same "AADSTS50013: No reply address is registered for the application." error and are not sure what we may have missed.

We followed the documentation located here to set up our App Registration. It is obviously missing some steps and/or does not fully explain how this new App Registration needs to be configured.

I tried adding multiple redirect URIs as shown below:

But then we just get this error: "AADSTS50011: The redirect URI 'urn:ietf:wg:oauth:2.0:oob' specified in the request does not match the redirect URIs configured for the application '9a6e3dee-a1e4-4d6a-9e51-74b178f29d12'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal."

Any help would be greatly appreciated, thank you!

[jpcapone]

I kinda gave up on this whole thing but in an effort to assist I can explain what I remember of what I did. For the app registration I created I went to the location described in the screenshot below:

And then I entered http://localhost for the Web Redirect URI. This did stop the AADSTS50013 error but I couldnt get any further. I hope this helps you!