Azure App Service error: AADSTS50011: The reply address 'https://<yourwebapp>.azurewebsites.net/signin-oidc' does not match the reply addresses configured for the application

Overview

When you deploy an Azure Active Directory application that was working great locally, you may get the following error when logging in:

AADSTS50011: The reply address 'https://<yourwebapp>.azurewebsites.net/signin-oidc' does not match the reply addresses configured for the application: 'c8a23e63-b4e3-4d10-9cf8-0fca55207424'. More details: not specified

The following variant of the error is specific to Azure App Service authentication (Easy Auth):

AADSTS50011: The reply address 'https://<yourwebapp>/.auth/login/aad/callback' does not match the reply addresses configured for the application: 'c8a23e63-b4e3-4d10-9cf8-0fca55207424'. More details: not specified 

How to fix this

This error says it all! When you deploy your Active Directory web app to Azure, you need to add this URL to the reply URLs of the Azure Active Directory application (or have someone with permission to manage your application in AD do this for you).

Go to the Azure portal (https://portal.azure.com), sign in, and click the Azure Active Directory icon on the left. Then click the ‘App registrations’ icon in the middle pane. In the search box, enter the application ID from the error message and choose ‘All apps’ from the dropdown.

Click on your application, then the Settings icon, and select ‘Reply URLs’ from the list. Paste in the reply URL from the error message and click ‘Save’.

Now you should be able to log in without that error message!
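Before pasting a URL into the registration, it helps to see exactly how the address in the error differs from what is already registered (scheme, host or path), so you add the right entry and do not leave a stale or plain-http one behind. The script below is an added example, not part of the original post: it parses the AADSTS50011 text quoted above and compares it with a list of registered reply URLs. The app name `contoso-demo`, the registered list and the function names are constructed for illustration, and the comparison assumes an exact string match.

```python
import re
from urllib.parse import urlsplit

# Matches the AADSTS50011 wording quoted on this page.
_ERR = re.compile(
    r"AADSTS50011: The reply address '(?P<reply>[^']+)' does not match "
    r"the reply addresses configured for the application: '(?P<app>[^']+)'"
)

def parse_aadsts50011(message):
    """Return (reply_address, application_id) from the error text, or None."""
    m = _ERR.search(message)
    return (m.group("reply"), m.group("app")) if m else None

def diagnose(reply_address, registered):
    """Explain why reply_address is not among the registered reply URLs.

    Assumption of this example: registration matching is an exact string match.
    """
    if reply_address in registered:
        return ["exact match: already registered"]
    if not registered:
        return ["no reply URLs registered"]
    sent = urlsplit(reply_address)
    findings = []
    for url in registered:
        reg = urlsplit(url)
        diffs = []
        if sent.scheme != reg.scheme:
            diffs.append(f"scheme {reg.scheme!r} != {sent.scheme!r}")
        if sent.netloc.lower() != reg.netloc.lower():
            diffs.append(f"host {reg.netloc!r} != {sent.netloc!r}")
        if sent.path != reg.path:
            diffs.append(f"path {reg.path!r} != {sent.path!r}")
        findings.append(f"{url}: " + ("; ".join(diffs) or "differs in case, query or fragment"))
    return findings

# Constructed sample: hypothetical app name, application ID as quoted on this page.
SAMPLE_ERROR = (
    "AADSTS50011: The reply address 'https://contoso-demo.azurewebsites.net/signin-oidc' "
    "does not match the reply addresses configured for the application: "
    "'c8a23e63-b4e3-4d10-9cf8-0fca55207424'. More details: not specified"
)
REGISTERED = ["https://localhost:44300/signin-oidc",   # constructed: local dev entry
              "http://contoso-demo.azurewebsites.net/signin-oidc"]  # constructed: wrong scheme

if __name__ == "__main__":
    reply, app_id = parse_aadsts50011(SAMPLE_ERROR)
    print(f"application {app_id} was sent reply address {reply}")
    for line in diagnose(reply, REGISTERED):
        print("  registered", line)
```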

Conclusion

Just a quick blog but I hope it saves you some time!