Azure AD v2 OpenID Metadata Document

Q

What is the Azure AD v2.0 OpenID Metadata Document?

✍: FYIcenter.com

A

The Azure AD v2.0 OpenID Metadata Document is an online JSON document that contains most of the information an app needs to perform sign-in, such as the endpoint URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document can be found at: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration.

Here is a copy of the Metadata Document retrieved from the above address:

{
    "authorization_endpoint": "https:\/\/login.microsoftonline.com\/common\/oauth2\/v2.0\/authorize",
    "token_endpoint": "https:\/\/login.microsoftonline.com\/common\/oauth2\/v2.0\/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "private_key_jwt",
        "client_secret_basic"
    ],
    "jwks_uri": "https:\/\/login.microsoftonline.com\/common\/discovery\/v2.0\/keys",
    "response_modes_supported": [
        "query",
        "fragment",
        "form_post"
    ],
    "subject_types_supported": [
        "pairwise"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "http_logout_supported": true,
    "frontchannel_logout_supported": true,
    "end_session_endpoint": "https:\/\/login.microsoftonline.com\/common\/oauth2\/v2.0\/logout",
    "response_types_supported": [
        "code",
        "id_token",
        "code id_token",
        "id_token token"
    ],
    "scopes_supported": [
        "openid",
        "profile",
        "email",
        "offline_access"
    ],
    "issuer": "https:\/\/login.microsoftonline.com\/{tenantid}\/v2.0",
    "claims_supported": [
        "sub",
        "iss",
        "cloud_instance_name",
        "cloud_instance_host_name",
        "cloud_graph_host_name",
        "msgraph_host",
        "aud",
        "exp",
        "iat",
        "auth_time",
        "acr",
        "nonce",
        "preferred_username",
        "name",
        "tid",
        "ver",
        "at_hash",
        "c_hash",
        "email"
    ],
    "request_uri_parameter_supported": false,
    "userinfo_endpoint": "https:\/\/graph.microsoft.com\/oidc\/userinfo",
    "tenant_region_scope": null,
    "cloud_instance_name": "microsoftonline.com",
    "cloud_graph_host_name": "graph.windows.net",
    "msgraph_host": "graph.microsoft.com",
    "rbac_url": "https:\/\/pas.windows.net"
}

As you can see, the metadata document gives you the key facts about the Azure AD service: where to send authorization and token requests, where to fetch the public signing keys (jwks_uri), which signing algorithm to expect for ID tokens (RS256), and the issuer template, whose {tenantid} placeholder must be filled in with the tenant you trust before it is compared with the "iss" claim of a token.
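The following Python example, added here and not part of the original FYIcenter page, shows how a relying party uses the metadata document above: it parses a trimmed copy of the document (embedded inline so the example runs offline), fills the {tenantid} placeholder of the issuer template, and runs the pre-signature checks on an ID token that can be driven from the metadata (algorithm allowlist, issuer, audience, nonce, expiry). The tenant id, client id, nonce and token values are constructed test data; real signature verification still requires fetching the key set from jwks_uri, which this example deliberately stops short of.

```python
import base64
import json
import time

# Trimmed copy of the metadata document shown above (constructed for this
# example from the fields the checks below use; "\/" is a legal JSON escape).
METADATA_JSON = r'''{
    "authorization_endpoint": "https:\/\/login.microsoftonline.com\/common\/oauth2\/v2.0\/authorize",
    "token_endpoint": "https:\/\/login.microsoftonline.com\/common\/oauth2\/v2.0\/token",
    "jwks_uri": "https:\/\/login.microsoftonline.com\/common\/discovery\/v2.0\/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
    "issuer": "https:\/\/login.microsoftonline.com\/{tenantid}\/v2.0",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"]
}'''

REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
                   "jwks_uri", "id_token_signing_alg_values_supported")


def parse_metadata(text):
    """Parse the discovery document and fail closed if a field the relying
    party depends on is missing."""
    meta = json.loads(text)
    missing = [k for k in REQUIRED_FIELDS if k not in meta]
    if missing:
        raise ValueError("metadata document lacks required fields: %s" % missing)
    return meta


def expected_issuer(meta, tenant_id):
    """The /common document publishes an issuer template; substitute the tenant
    this app actually trusts before comparing it with a token's iss claim."""
    return meta["issuer"].replace("{tenantid}", tenant_id)


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def split_jwt(token):
    """Return (header, payload) of a compact JWS without verifying it. Nothing
    decoded here is trustworthy until the signature is checked with a key
    fetched from jwks_uri."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWS")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def make_test_token(header, payload):
    """Build a token with a placeholder signature for offline tests (constructed)."""
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()),
                     "placeholder-signature"])


def precheck_id_token(meta, token, tenant_id, client_id, nonce, now=None):
    """Checks made against the metadata document before (not instead of)
    signature verification. Returns a list of findings; an empty list means
    the token may proceed to key lookup and signature checking."""
    now = time.time() if now is None else now
    header, payload = split_jwt(token)
    findings = []

    # Pin the algorithm to the metadata allowlist rather than trusting the
    # token header; this rejects "none" and any non-RS256 algorithm.
    alg = header.get("alg")
    if alg not in meta["id_token_signing_alg_values_supported"]:
        findings.append("alg %r not in id_token_signing_alg_values_supported" % alg)
    if not header.get("kid"):
        findings.append("header lacks kid; cannot select a key from jwks_uri")

    if payload.get("iss") != expected_issuer(meta, tenant_id):
        findings.append("issuer %r does not match tenant %s" % (payload.get("iss"), tenant_id))

    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        findings.append("aud %r does not include this client" % aud)

    if payload.get("nonce") != nonce:
        findings.append("nonce mismatch (possible replay)")

    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        findings.append("token expired or exp missing")
    return findings


if __name__ == "__main__":
    meta = parse_metadata(METADATA_JSON)
    tenant = "00000000-0000-0000-0000-000000000000"  # constructed tenant id
    token = make_test_token({"alg": "none"}, {"iss": "https://example.invalid/v2.0",
                                              "aud": "my-client", "exp": 0})
    for finding in precheck_id_token(meta, token, tenant, "my-client", "n-1"):
        print("REJECT:", finding)
```

Using "common" as the issuer is the usual mistake this guards against: an ID token from any tenant would then pass the issuer check, so the relying party must decide which tenant (or list of tenants) it trusts and compare against the resolved template.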


2021-01-09