Azure AD v1 OpenID Metadata Document

Q

What is the Azure AD v1.0 OpenID Metadata Document?

✍: FYIcenter.com

A

Azure AD v1.0 OpenID Metadata Document is an online JSON document that contains most of the information required for an app to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document can be found at: https://login.microsoftonline.com/common/.well-known/openid-configuration.

Here is a copy of the Metadata Document retrieved from the above address:

{
    "authorization_endpoint": 
       "https:\/\/login.microsoftonline.com\/common\/oauth2\/authorize",
    "token_endpoint": 
       "https:\/\/login.microsoftonline.com\/common\/oauth2\/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "private_key_jwt",
        "client_secret_basic"
    ],
    "jwks_uri":
       "https:\/\/login.microsoftonline.com\/common\/discovery\/keys",
    "response_modes_supported": [
        "query",
        "fragment",
        "form_post"
    ],
    "subject_types_supported": [
        "pairwise"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "http_logout_supported": true,
    "frontchannel_logout_supported": true,
    "end_session_endpoint":
       "https:\/\/login.microsoftonline.com\/common\/oauth2\/logout",
    "response_types_supported": [
        "code",
        "id_token",
        "code id_token",
        "token id_token",
        "token"
    ],
    "scopes_supported": [
        "openid"
    ],
    "issuer": "https:\/\/sts.windows.net\/{tenantid}\/",
    "claims_supported": [
        "sub",
        "iss",
        "cloud_instance_name",
        "cloud_instance_host_name",
        "cloud_graph_host_name",
        "msgraph_host",
        "aud",
        "exp",
        "iat",
        "auth_time",
        "acr",
        "amr",
        "nonce",
        "email",
        "given_name",
        "family_name",
        "nickname"
    ],
    "microsoft_multi_refresh_token": true,
    "check_session_iframe":
       "https:\/\/login.microsoftonline.com\/common\/oauth2\/checksession",
    "userinfo_endpoint":
       "https:\/\/login.microsoftonline.com\/common\/openid\/userinfo",
    "tenant_region_scope": null,
    "cloud_instance_name": "microsoftonline.com",
    "cloud_graph_host_name": "graph.windows.net",
    "msgraph_host": "graph.microsoft.com",
    "rbac_url": "https:\/\/pas.windows.net"
}

As you can see the metadata document helps you with some key information about the Azure AD service.

 

Azure AD v1 Sign-On Authentication Request

Authentication Flows with Azure AD v1

Azure AD Integration v1.0

⇑⇑ OpenID Tutorials

2019-01-15, 528👍, 0💬