Add support for the special common/organizations/consumers Azure AD tenants #714

Open
wants to merge 1 commit into
base: master

Commits on Apr 8, 2024

  1. Add support for the special common/organizations/consumers Azure AD tenants
    
    When not targeting a specific Azure AD tenant (specified by a tenant GUID in
    the discovery document URL) but rather one of the "common", "organizations"
    or "consumers" multi-tenant aliases (see 1), discovery document parsing and ID
    token validation require a few extra steps:
    
    * The discovery document's "issuer" value contains the special placeholder
      "{tenantid}". As '{' and '}' are invalid characters in URLs, AppAuth has to
      URL encode these characters before the issuer URL can be parsed by NSURL in
      OIDServiceDiscovery.m.
    * The same "{tenantid}" placeholder needs to be replaced with the actual
      tenant ID of the authenticated user, from the "tid" claim (see 2) of the ID
      token, before ID token validation is performed in OIDAuthorizationService.m.
    
    1: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#fetch-the-openid-connect-metadata-document
    2: https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens#payload-claims
    ntherning committed Apr 8, 2024
    7d8518a
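
The two steps the commit message describes, as an added Python sketch (not AppAuth's Objective-C code and not part of this pull request): percent-encode the braces in the discovery issuer, then substitute the token's `tid` claim before comparing against `iss`. All function names, the GUID check on `tid`, the optional `allowed_tenants` set and the sample tenant ID are assumptions of this example; signature verification is assumed to happen elsewhere.

```python
import base64
import json
import re
from urllib.parse import quote, unquote

PLACEHOLDER = "{tenantid}"
GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def encode_issuer(issuer):
    """Percent-encode '{' and '}' so a strict URL parser accepts the issuer."""
    return quote(issuer, safe=":/?#[]@!$&'()*+,;=%")

def claims_of(id_token):
    """Decode the JWT payload only; the signature is NOT checked here."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

def expected_issuer(discovery_issuer, claims):
    """Return the issuer the token must carry, filling in the tenant ID."""
    template = unquote(discovery_issuer)
    if PLACEHOLDER not in template:
        return template  # single-tenant document: compare as-is
    tid = claims.get("tid")
    if not isinstance(tid, str) or not GUID_RE.fullmatch(tid):
        raise ValueError("missing or malformed tid claim")
    return template.replace(PLACEHOLDER, tid)

def issuer_ok(discovery_issuer, id_token, allowed_tenants=None):
    """Exact issuer match after substitution, plus an optional tenant allow-list."""
    claims = claims_of(id_token)
    try:
        want = expected_issuer(discovery_issuer, claims)
    except ValueError:
        return False
    if claims.get("iss") != want:
        return False
    # With a templated issuer any tenant passes the check above, so the
    # allow-list (an assumption of this example) is what restricts tenants.
    return allowed_tenants is None or str(claims.get("tid", "")).lower() in allowed_tenants

def make_token(claims):
    """Build an unsigned sample token (constructed input, for the demo only)."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"e30.{body}.sig"
```

Because the expected issuer is built from a claim inside the token itself, the comparison only proves that `iss` and `tid` agree with each other; limiting which tenants may sign in needs a separate check such as the allow-list shown.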