
Application ID URI Throwing Error in Azure AD App Registration using Terraform


I have a web app and a corresponding app registration. Many months back, in the "Expose an API" section of the app registration, I was able to add the URI of my web app, which was "https://app-coalsa-api.azurewebsites.net". Right now, when I try to do the same with another project with a similar kind of environment using Terraform, I get the error as attached in the screenshot. Any idea if this error is coming because of the new Azure AD Provider, and what shall ideally be in "Expose an API" in the app registration?


Solution

  • Could it be that this app registration is configured as multi-tenanted?

    It is a requirement for multi-tenant app registrations to have an App ID URI that uses one of the verified domains in the Azure AD tenant.

    Because the azurewebsites.net domain is managed by Microsoft, it's not possible that it's a verified domain of your tenant, which could explain why the update fails.

    See below:

    For a multi-tenant application, it must be globally unique so Azure AD can find the application across all tenants. Global uniqueness is enforced by requiring the App ID URI to have a host name that matches a verified domain of the Azure AD tenant.

    From https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#update-registration-to-be-multi-tenant.
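
The verified-domain rule quoted in the answer above can be checked at plan time, so a bad App ID URI fails before Azure AD rejects it. This is an added example, not part of the original question or answer; the resource names, the display name and the `api.contoso.example` host are placeholders, and the exact-host comparison is an assumption about how strictly you want to check.

```hcl
terraform {
  required_version = ">= 1.2" # lifecycle preconditions need Terraform 1.2+
  required_providers {
    azuread = {
      source = "hashicorp/azuread"
    }
  }
}

# Domains registered in the current tenant. Unverified domains are
# excluded by default (include_unverified defaults to false).
data "azuread_domains" "tenant" {}

locals {
  # Placeholder: replace with a URI whose host is a verified domain of your tenant.
  app_id_uri = "https://api.contoso.example"

  # Host part of the URI: everything between "scheme://" and the next "/" or ":".
  app_id_host = regex("^[a-z][a-z0-9+.-]*://([^/:]+)", lower(local.app_id_uri))[0]

  verified_domains = [
    for name in data.azuread_domains.tenant.domains[*].domain_name : lower(name)
  ]
}

resource "azuread_application" "api" {
  display_name     = "example-api"         # placeholder name
  sign_in_audience = "AzureADMultipleOrgs" # multi-tenant registration

  # Fails for a multi-tenant app: azurewebsites.net is managed by Microsoft
  # and cannot be a verified domain of your tenant.
  # identifier_uris = ["https://app-coalsa-api.azurewebsites.net"]

  identifier_uris = [local.app_id_uri]

  lifecycle {
    # Assumption: require an exact match between the URI host and a verified
    # domain. Relax this if your tenant setup calls for a different comparison.
    precondition {
      condition     = contains(local.verified_domains, local.app_id_host)
      error_message = "The App ID URI host must be a verified domain of this Azure AD tenant."
    }
  }
}
```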