Application ID URI Throwing Error in Azure AD App Registration using Terraform

Time:11-27

I have a web app and a corresponding app registration. Many months back, in the "Expose an API" section of the app registration, I was able to add the URI of my web app, which was "https://app-coalsa-api.azurewebsites.net". Right now, when I try to do the same with another project with a similar kind of environment using Terraform, I get the error shown in the attached screenshot. Any idea if this error is coming because of the new Azure AD provider, and what should ideally be in "Expose an API" in the app registration?

CodePudding user response:

Could it be that this app registration is configured as multi-tenanted?

It is a requirement for multi-tenant app registrations to have an App ID URI that uses one of the verified domains in the Azure AD tenant.

Because the azurewebsites.net is managed by Microsoft, it's not possible that it's a verified domain of your tenant, which could explain why the update fails.

See below:

For a multi-tenant application, it must be globally unique so Azure AD can find the application across all tenants. Global uniqueness is enforced by requiring the App ID URI to have a host name that matches a verified domain of the Azure AD tenant.

From https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#update-registration-to-be-multi-tenant.
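The verified-domain rule described in this answer, and named in the HostNameNotOnVerifiedDomain error quoted further down, as an added example that is not part of the original answers: a pre-flight check for the identifier URIs a Terraform configuration is about to set. The verified-domain list and candidate URIs are constructed sample data, and skipping the domain check for api:// URIs is an assumption of this sketch.

```python
from urllib.parse import urlsplit


def host_on_verified_domain(host, verified_domains):
    """True if host equals a verified domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    for domain in verified_domains:
        domain = domain.lower().rstrip(".")
        # Match on a label boundary so "notcontoso.example" does not
        # pass as a subdomain of "contoso.example".
        if host == domain or host.endswith("." + domain):
            return True
    return False


def check_identifier_uri(uri, verified_domains):
    """Return (ok, reason) for one candidate App ID URI."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme == "api":
        # Assumption: api:// URIs carry no DNS host name to verify.
        return True, "api:// scheme, no host name to verify"
    if scheme != "https" or not parts.hostname:
        return False, "expected api://... or https://{FQDN}"
    if host_on_verified_domain(parts.hostname, verified_domains):
        return True, "host is on a verified domain"
    return False, "HostNameNotOnVerifiedDomain: " + parts.hostname


# Constructed sample data: in practice the list comes from the tenant's
# verified domains, and the candidates from the Terraform configuration.
VERIFIED = ["contoso.example", "contoso.onmicrosoft.com"]
CANDIDATES = [
    "https://app-coalsa-api.azurewebsites.net",    # URI from the question
    "https://api.contoso.example/orders",          # subdomain of a verified domain
    "https://notcontoso.example",                  # look-alike, not a subdomain
    "api://00000000-0000-0000-0000-000000000000",  # placeholder GUID
]


def run_checks():
    return {uri: check_identifier_uri(uri, VERIFIED) for uri in CANDIDATES}


if __name__ == "__main__":
    for uri, (ok, reason) in run_checks().items():
        print(("OK   " if ok else "FAIL ") + uri + " -> " + reason)
```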

CodePudding user response:

Looks like the answer is in the error message itself. You can update the values inside Expose an API, and the possible values would be api://{object-IF-GUID} or https://{FQDN}.

Whenever any Azure AD app registration is created, it generates an object ID and also links who triggered the application ID creation inside Azure AD.

You can update the values with any native Azure services or any custom domain mapped to it, but you can't change it or map it to an altogether new application; otherwise it will result in failure.

I have tried it and got the below error message: {"error":{"code":"HostNameNotOnVerifiedDomain","message":"Values of identifierUris property must use a verified domain of the organization or its subdomain: 'https://{test-rohit-app-name}.azurewebsites.net'","details":[{"code":"HostNameNotOnVerifiedDomain","target":"identifierUris","message":"Values of identifierUris property must use a verified domain of the organization or its subdomain: 'https://{test-rohit-app-name}.azurewebsites.net'"}]

In your scenario, accepted values are either {webappname}.azurewebsites.net or a custom domain mapped to this web app.
