Reputation: 53
I am trying to decode the Access tokens and ID tokens generated by Azure Active Directory.
I have been successful with single-tenant apps, but when I try to decode tokens from this type of app: Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox),
I cannot find the public key corresponding to the "kid" I receive in the JWT header.
I have tried searching through the following discovery URLs:
https://login.microsoftonline.com/{tenant_id}/discovery/keys
https://login.microsoftonline.com/common/discovery/keys
https://login.microsoftonline.com/{tenant_id}/discovery/keys?appid={client_id}
Please help me with the discovery URL or the public key to use for this type of app, where the user can sign in with any Microsoft account.
Upvotes: 3
Views: 1463
Reputation: 10831
Please try these discovery URLs:
https://login.microsoftonline.com/{tenant_id}/discovery/v2.0/keys
https://login.microsoftonline.com/common/discovery/v2.0/keys
https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys?appid={appid}
Reference: Joonas W's blog says:
The v2 endpoint allows "converged authentication", i.e. users can use either their organizational Office 365 (Azure AD) accounts or their personal Microsoft Accounts (e.g. outlook.com). In contrast, the v1 endpoint only allows authentication with Azure AD accounts.
Upvotes: 2
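As an added example (not code from either poster), the lookup the answer describes: read the unverified JWT header and `ver` claim, choose the v1 or v2.0 discovery URL accordingly, and pick the JWK whose `kid` matches. The token, key set, tenant id and key names below are constructed placeholders; signature verification itself is left to a JWT library, and a `kid` missing from the key set is treated as a rejection, not a reason to fall back to another key.

```python
import base64
import json
import urllib.request

# Discovery URLs from the answer; {tenant} is "common" for apps that accept
# any organizational or personal Microsoft account.
JWKS_V1 = "https://login.microsoftonline.com/{tenant}/discovery/keys"
JWKS_V2 = "https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys"


def b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without '=' padding; restore it."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_unverified(token: str) -> tuple:
    """(header, claims) WITHOUT signature verification: use only to pick
    the key set, never trust the claims before the signature is checked."""
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def select_discovery_url(claims: dict, tenant: str = "common") -> str:
    """Tokens from the converged (v2.0) endpoint carry ver == "2.0" and are
    signed with keys published under /discovery/v2.0/keys."""
    return (JWKS_V2 if claims.get("ver") == "2.0" else JWKS_V1).format(tenant=tenant)


def fetch_jwks(url: str) -> dict:
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def find_signing_key(token: str, jwks: dict) -> dict:
    """Return the RSA JWK whose kid matches the token header, or raise."""
    header, _ = decode_unverified(token)
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    for jwk in jwks.get("keys", []):
        if jwk.get("kty") == "RSA" and jwk.get("kid") == header.get("kid"):
            return jwk
    raise LookupError("kid %r not in key set: refresh JWKS once, then reject" % header.get("kid"))


def _seg(obj: dict) -> str:  # helper to build the constructed sample token
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

# Constructed sample: a v2.0-style token with a dummy signature, and a key set
# whose "n" values are placeholders (the real ones are long base64url moduli).
SAMPLE_TOKEN = ".".join([_seg({"typ": "JWT", "alg": "RS256", "kid": "key-2024-a"}),
                         _seg({"ver": "2.0", "aud": "client-id-placeholder"}), "c2ln"])
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "key-2023-z", "use": "sig", "n": "PLACEHOLDER", "e": "AQAB"},
                        {"kty": "RSA", "kid": "key-2024-a", "use": "sig", "n": "PLACEHOLDER", "e": "AQAB"}]}
```

After finding the key, hand the token and JWK to your JWT library and also validate `iss` (tenant-specific for v2.0 tokens) and `aud` against your client id.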