Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,473 questions
Public Keys to decode Azure AD (all microsoft accounts) Access tokens
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 2%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Gautam Manoharan
11
Reputation points
I am trying to decode the Access tokens and ID tokens generated by Azure Active Directory.
I have been successful with the single tenant apps, but when decoding this type of app:
Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
I cannot find the public key corresponding to the "kid" I receive in the jwt header.
I have tried searching through the following discovery urls:
https://login.microsoftonline.com/{tenant_id}/discovery/keys
https://login.microsoftonline.com/common/discovery/keys
https://login.microsoftonline.com/{tenant_id}/discovery/keys?appid={client_id}
Please help me with the discovery url or the public key to use for these type of apps where the user can use any microsoft user account to sign in.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee2021-08-11T12:26:24.57+00:00 @Gautam Manoharan Can you share the response you received, https://login.microsoftonline.com/common/discovery/keys should have worked for you. We will try to check from our side once we have the response.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 65%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rahul Sadaphal 40 Reputation points2023-01-24T03:37:20.0466667+00:00 Hi @Gautam Manoharan Have u solved the above issue. I am also facing the same error. I cannot find token kid in the discovery/keys url. Plese let me know if u have solved this issue as I am also stuck here and cannot find any solution.
-
Rahul Sadaphal 40 Reputation points
2023-01-24T03:38:11.6+00:00 The kid I am getting inside the token is - X5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk.
but I cannot find this key inside /discovery/keys
Sign in to comment