The v2.0 endpoint is the endpoint that lets you sign in with the converged Microsoft account and Azure Active Directory account model.
From an OpenID / OAuth perspective, the discovery documents can be found at:
v1.0:
https://login.microsoftonline.com/common/.well-known/openid-configuration
v2.0:
https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
Notice the extra "v2.0" path segment.
If we look at the signing keys (the jwks_uri in each discovery document), we see for v1.0:
https://login.microsoftonline.com/common/discovery/keys
And for v2.0:
https://login.microsoftonline.com/common/discovery/v2.0/keys
You will notice that v2.0 currently publishes four signing keys while v1.0 publishes only two.
v2.0 is also the endpoint used by B2C.
Don't assume that tokens signed by Azure AD (v1.0) are also acceptable for B2C (v2.0), or vice versa: the two endpoints publish different key sets, so a validator that fetches keys from one endpoint will not find the kid of a token signed by the other.
This should stop being an issue when AAD and B2C are merged at some point in the future, but right now it's a gotcha!
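To make the gotcha concrete, here is an added example (not code from the post) of the key-selection step of token validation in Python: the relying party resolves the token's kid only against the key set of the endpoint it was configured for, so a token signed with a v1.0 key and presented to a v2.0 validator is rejected instead of being matched against the wrong keys. The discovery documents, key sets and kids are constructed stand-ins; only the two jwks_uri values come from the post.

```python
import base64
import json

# Constructed stand-ins for the two discovery documents. The jwks_uri values are
# the key endpoints quoted in the post; everything else here is made up for the demo.
DISCOVERY = {
    "v1.0": {"jwks_uri": "https://login.microsoftonline.com/common/discovery/keys"},
    "v2.0": {"jwks_uri": "https://login.microsoftonline.com/common/discovery/v2.0/keys"},
}

# Constructed key sets standing in for an HTTP GET of each jwks_uri (two keys for
# v1.0, four for v2.0, matching the counts observed in the post; kids are invented).
JWKS = {
    DISCOVERY["v1.0"]["jwks_uri"]: {"keys": [{"kty": "RSA", "kid": "v1-key-1"}, {"kty": "RSA", "kid": "v1-key-2"}]},
    DISCOVERY["v2.0"]["jwks_uri"]: {"keys": [{"kty": "RSA", "kid": f"v2-key-{i}"} for i in range(1, 5)]},
}

def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_header(token: str) -> dict:
    """Return the decoded JOSE header (first dot-separated segment) of a compact JWT."""
    return json.loads(b64url_decode(token.split(".")[0]))

def select_signing_key(token: str, endpoint_version: str, fetch=JWKS.get) -> dict:
    """Resolve the token's kid against the key set of ONE endpoint, with no fallback.

    endpoint_version is the version the relying party was configured for. A kid that
    the chosen endpoint does not publish is an error, never a reason to try the other
    endpoint's keys; that is the binding the post's warning is about. Signature
    verification (RS256 with the returned key) is the step that follows this one.
    """
    jwks_uri = DISCOVERY[endpoint_version]["jwks_uri"]
    key_set = fetch(jwks_uri)  # real code: HTTP GET jwks_uri and cache the result
    if key_set is None:
        raise LookupError(f"no key set available for {jwks_uri}")
    kid = jwt_header(token).get("kid")
    for key in key_set["keys"]:
        if key.get("kid") == kid:
            return key
    raise LookupError(f"kid {kid!r} is not published by the {endpoint_version} endpoint")

def make_demo_token(kid: str) -> str:
    """Build a header-only JWT (empty payload, no signature) so the demo runs offline."""
    header = json.dumps({"alg": "RS256", "kid": kid}).encode()
    return base64.urlsafe_b64encode(header).rstrip(b"=").decode() + ".e30."
```

Calling `select_signing_key(make_demo_token("v2-key-3"), "v1.0")` raises LookupError, which is exactly the failure you will see in production if a B2C token reaches a validator wired to the v1.0 keys.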
Enjoy!