On Android 14+, MSAL Android fails redirect URI validation when the Base64-encoded SHA-1 of the app’s signing certificate contains a + character.
Although the SHA-1 and redirect URI are correct and registered in Azure Entra ID, Android decodes + to a space in the URI path. MSAL then compares:
Expected: msauth:///+/
Received: msauth:/// /
Environment
Device: Pixel (physical device)
Android: 16
MSAL: 7.0.1
MsalClientException:
The redirect URI in the configuration file doesn't match with the one generated with package name and signature hash.
To Reproduce
Sign an Android app with a certificate whose Base64 SHA-1 hash starts with the characters +/ (e.g. +/lRvk...)
Register the Android platform in Azure Entra ID
Use the generated redirect URI:
msauth:///+/
Configure the same redirect URI in msal_config.json
Call acquireToken(...)
Redirect URI validation fails
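
The mismatch reported above can be reproduced off-device. This is an added example, not part of the original report and not MSAL's code: the package name com.example.app and the dummy certificate bytes are constructed, and java.net.URLDecoder is assumed here as a stand-in for the "+"-to-space decoding the report describes. It compares the redirect URI built from a raw hash with the one built from a percent-encoded hash after both pass through that decoding.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class RedirectUriPlusDemo {
    // Hypothetical package name, used only for this example.
    static final String PACKAGE = "com.example.app";

    // Base64 (standard alphabet) of the SHA-1 digest of the certificate bytes.
    static String signatureHash(byte[] cert) throws Exception {
        byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(cert);
        return Base64.getEncoder().encodeToString(sha1);
    }

    // Builds msauth://<package>/<hash>, optionally percent-encoding the hash.
    static String redirectUri(String hash, boolean percentEncode) {
        String segment = percentEncode
                ? URLEncoder.encode(hash, StandardCharsets.UTF_8) : hash;
        return "msauth://" + PACKAGE + "/" + segment;
    }

    // Form-style decoding: "+" becomes a space, %XX becomes the raw character.
    static String formDecode(String uri) {
        return URLDecoder.decode(uri, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: try dummy "certificates" until the hash starts with "+/".
        String hash;
        int i = 0;
        do {
            hash = signatureHash(("constructed-cert-" + i++).getBytes(StandardCharsets.UTF_8));
        } while (!hash.startsWith("+/"));

        String expected = redirectUri(hash, false);
        String rawDecoded = formDecode(expected);
        String encDecoded = formDecode(redirectUri(hash, true));

        System.out.println("expected         : " + expected);
        System.out.println("raw, decoded     : " + rawDecoded);
        System.out.println("raw matches      : " + expected.equals(rawDecoded));
        System.out.println("encoded          : " + redirectUri(hash, true));
        System.out.println("encoded, decoded : " + encDecoded);
        System.out.println("encoded matches  : " + expected.equals(encDecoded));
    }
}
```

The Charset overloads of URLEncoder.encode and URLDecoder.decode require Java 10 or later.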