Skip to content

Microsoft 365 / OAuth

AADSTS500113 Beispiel

Support-Felder Request / Correlation Id

Full guide: User docs Microsoft 365
Codes: AADSTS codes

Symptom: “OAuth not configured” / 503 / 409

Cause: No Azure app saved in tenant setup (missing client ID + secret).

Steps: Setup → Microsoft 365 → enter client ID & secret → redirect URI = shown callback → Save → Hub Connect again.

Symptom: AADSTS500113 — No reply address is registered

Cause: The Entra app matching the saved client ID has no Web redirect URI — or the URI was added to a different app than the client ID in LIRENO.

Steps:

  1. Note the Application (client) ID in LIRENO Setup
  2. Entra → App registrations → search that ID (not only the display name)
  3. Authentication → platform Web
  4. Enter exactly (dev example):
    https://api.dev.lireno.ch/api/v1/integrations/microsoft365/oauth/callback
  5. Save → Hub Connect again

Common mistake: New app M365-4-LIRENO got the URI, but LIRENO still has an older client ID. Either add the URI to the old app or save the new client ID + new secret in LIRENO.

Symptom: Authenticator OK, then Microsoft error page

Cause: MFA succeeded; failure is on redirect (usually missing/wrong reply address or wrong app).

Steps: Same as AADSTS500113; keep Request/Correlation Id.

Symptom: “Signed in at Microsoft”, hub not connected

Cause: Entra portal login ≠ LIRENO hub OAuth.

Steps: Integrations hub → Microsoft 365 → Connect (step C).

Cause: Graph scopes or admin consent missing.

Steps: Add Contacts.ReadWrite, offline_access, openid, profile, email → admin consent → Connect again.

Symptom: After Azure app change all companies offline

Cause: Tokens belong to the old app.

Steps: Re-Connect each company in the hub.

Symptom: Secret expired

Cause: Client secret expired in Entra.

Steps: New secret in Entra → paste into LIRENO Setup → save → reconnect hub.

When to contact support

Request Id + Correlation Id + Timestamp · Client ID (never the secret) · Tenant number · Dev or Prod callback