Microsoft Entra ID support for appid url parameter

[marcowartmann]

OIDC is not working when Entra ID "App Registration" is configured with custom APIs.

The issue occurs cause of well-known openid-configuration and jwks uri must use an added parameter in the URL with appid speficified

Well known openid configuration:
https://login.microsoft.com/<tenant-id>/discovery/v2.0/.well-known/openid-configuration?appid=<app-id>

jwks uri:
https://login.microsoft.com/<tenant-id>/discovery/v2.0/keys?appid=<app-id>

[ericchiang]

See the thread last time this came up:

#215 (comment)

General trying to figure out Azure support is #344

OpenID discovery spec that covers forming the well-known path is https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig, which doesn't mention a strategy for URL paramaters

OpenID Providers supporting Discovery MUST make a JSON document available at the path formed by concatenating the string /.well-known/openid-configuration to the Issuer.

I don't think I want to make any changes to the library without figuring out a strategy for Azure (#344).

You may want to take a look at https://pkg.go.dev/github.com/coreos/go-oidc/v3/oidc#ProviderConfig, which was added explicitly for these kinds of issues where users need to work with providers with non-standard discovery.

Probably going to close this one out?

[ericchiang]

Ah yeah, this is a dupe of #290