Customer configures the following redirect URLs for his registered application in Azure AD
and issues the following request to authenticate to Azure AD:
GET https://login.microsoftonline.com/<tenant id>/oauth2/authorize?client_id=<app id>&redirect_uri=https%3a%2f%2flocalhost%3a44396%2fbac%2faad%3freqId%3dA123&response_mode=form_post&….
The redirected URL does not have anything after the query string.
The behavior is by design. This is an Azure AD’s security feature to prevent Covert Redirect attack.
We recommend customer to make use of the ‘state’ parameter instead of using query string to preserve the state of the request.