I'm experiencing the same problem you described regarding Azure AD's OIDC versions. Could you please share the solution you prepared? It would be really helpful.
Hi @siunhanvjp
In the end, I used another library that was better suited to my needs. Anyway, I found the code I did back then and opened the PR linked above.
Azure AD supports two versions of the OIDC. v2.0 has been available since 2019 and, in general, recommended by MS. Both versions are still supported.
The problem is that this library only supports v1.0. I do not know all the details, but from a validation perspective, the only difference is where to get the well_known config. For v1.0 it's https://login.microsoftonline.com/{{tenant}}/.well-known/openid-configuration, whereas for v2.0 it's https://login.microsoftonline.com/{{tenant}}/v2.0/.well-known/openid-configuration
It looks like the public certificates did not change, but there are differences in the issuers:
Hence, validation of the token would fail if the token is issued by the OIDC v2.0 endpoint.
I've prepared the change if you are interested, but cannot push the branch.