fix(idp): provide id_token for tenant id based azure ad (#7188)

* fix(idp): provide id_token for tenant based azure ad * comments * remove unintentional changes
2025-08-12 10:57:35 +00:00 · 2024-01-10 16:02:17 +01:00
parent 1a1bb564b9
commit 7c592ce638
7 changed files with 96 additions and 18 deletions
--- a/internal/idp/providers/azuread/azuread.go
+++ b/internal/idp/providers/azuread/azuread.go
@@ -13,8 +13,10 @@ import (
 )

 const (
+	issuerTemplate   string = "https://login.microsoftonline.com/%s/v2.0"
 	authURLTemplate  string = "https://login.microsoftonline.com/%s/oauth2/v2.0/authorize"
 	tokenURLTemplate string = "https://login.microsoftonline.com/%s/oauth2/v2.0/token"
+	keysURLTemplate  string = "https://login.microsoftonline.com/%s/discovery/v2.0/keys"
 	userURL          string = "https://graph.microsoft.com/v1.0/me"
 	userinfoEndpoint string = "https://graph.microsoft.com/oidc/userinfo"

@@ -50,6 +52,16 @@ type Provider struct {
 	options       []oauth.ProviderOpts
 }

+// issuer returns the OIDC issuer based on the [TenantType]
+func (p *Provider) issuer() string {
+	return fmt.Sprintf(issuerTemplate, p.tenant)
+}
+
+// keysEndpoint returns the OIDC jwks_url based on the [TenantType]
+func (p *Provider) keysEndpoint() string {
+	return fmt.Sprintf(keysURLTemplate, p.tenant)
+}
+
 type ProviderOptions func(*Provider)

 // WithTenant allows to set a [TenantType] (can also be a Tenant ID)