Share via

Authorization Code Authentication Flow Implementation Discussion

Divanshu Johar 40 Reputation points
2025-11-17T08:36:30.5666667+00:00

We have an application 'Infosys Bot Migrator' that migrates RPA bots to Power Automate bots.

We have Dataverse app for authentication and storing the Power Automate Desktop flows into Azure.

Current APIs that are enabled as:

Microsoft Graph: User.Read, Group.Read.All (Application, admin consent)

Dynamics CRM: user_impersonation (Delegated)

PowerApps Services: user_impersonation (Delegated)

Currently, we are using Device code flow authentication approach and working fine for our use case. We want to use Authorization code flow instead of device code flow.

We are getting minor errors regarding https://learn.microsoft.com/en-us/answers/questions/5620558/what-apis-permissions-must-be-enabled-for-authoriz

On adding redirect URI, then this is happening

The connection for this site is not secure

localhost sent an invalid response..

Please help us with complete breakthrough for this. I am waiting for your reply

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Chen Tran 4,550 Reputation points Independent Advisor
    2025-11-17T11:19:45.2466667+00:00

    Hello Johar,

    Thank you for posting question on Microsoft Windows Forum.

    Based on the provided error message "The connection for this site is not secure / localhost sent an invalid response". The possible cause for that error might be of how the redirect URI is registered vs how the browser is actually connecting to it (HTTP vs HTTPS, port mismatch, or an untrusted local cert).

    On the other hand, when you registered an https://localhost… redirect but your local redirect endpoint is not serving a valid TLS certificate or (the browser will not trust the cert). The browser then blocks the callback and shows “site is not secure / invalid response”.

    The following are some suggested troubleshooting steps for this issue.

    1.Change Redirect to Loopback HTTP.

    • In Azure AD → App Registration → Authentication → Add your chosen Redirect URI like http://localhost:53123 under Mobile and desktop applications.
    • Update your app to listen on that port and to expect the authorization callback there.
    • Try the auth flow again. Browser will do an HTTP callback — no TLS required — this will probably remove the “site not secure” error.

    2.If You Need HTTPS Redirect.

    • Keep https://localhost:port in registration.
    • Ensure your local server uses a TLS cert trusted by the OS/browser (trust the dev cert). Tools: dotnet dev-certs https --trust (for dotnet dev), or mkcert to create and trust local CA certs.
    • Once the certificate is trusted, the browser will accept the callback.

    For further reference regarding your concern.

    Hope the above information is helpful! If it is. Free feel to hit "Accepted" for benefitting others in community having the same issue too.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.