OAuth JWT issuer (sts.windows.net) is different from the one expected and listed in the endpoints (login.microsoft.com)

Jean-François RIVES (Admin) 0 Reputation points
2024-05-16T14:42:37.4966667+00:00

Hi all

We are trying to implement a new API which uses OpenID Connect and OAuth 2.0 to grant the API calls.

We can successfully make the /authorize and /token calls on Microsoft, but the JWT we get in return has an issuer (sts.windows.net) which is different from the one expected (login.microsoft.com) as described here: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow

Any idea?

Microsoft Graph

1 answer

  1. Yakun Huang-MSFT 935 Reputation points Microsoft Vendor
    2024-05-17T02:52:42.9433333+00:00

    Hi @Jean-François RIVES (Admin)

    First you need to find the accessTokenAcceptedVersion property in the list of registered applications, and then change its value to 2.

    However, this modification will be delayed; please wait patiently.

    Then make sure that the endpoint from which you get your credentials and token requests is v2.

    Make sure the request has v2.0 after oauth2.

    You can refer to this link:

    https://stackoverflow.com/questions/59790209/access-token-issuer-from-azure-ad-is-sts-windows-net-instead-of-login-microsofto

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
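
The issuer mismatch discussed in this thread can be diagnosed from the token's `ver`, `tid` and `iss` claims. The following is an added example, not code from the thread or from Microsoft: it maps each access-token version to its issuer format and reports why a token does not match what the API expects. Assumptions: the function names and the all-zero tenant ID are constructed for illustration, and the payload is decoded without signature verification, so this is a diagnostic aid and not token validation.

```python
import base64
import json

# Issuer formats Microsoft Entra ID uses for each access-token version.
ISSUER_BY_VERSION = {
    "1.0": "https://sts.windows.net/{tid}/",
    "2.0": "https://login.microsoftonline.com/{tid}/v2.0",
}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def read_claims(jwt: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature (diagnosis only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_issuer(claims: dict, tenant_id: str, accepted_version: str = "2.0") -> str:
    """Return 'ok' or the reason the issuer is not the one the API expects."""
    ver, iss, tid = claims.get("ver"), claims.get("iss"), claims.get("tid")
    if tid != tenant_id:
        return f"tenant mismatch: tid={tid!r}"
    if ver not in ISSUER_BY_VERSION:
        return f"unknown token version: ver={ver!r}"
    if iss != ISSUER_BY_VERSION[ver].format(tid=tenant_id):
        return f"issuer {iss!r} does not match the v{ver} format for this tenant"
    if ver != accepted_version:
        return (f"v{ver} token issued by {iss}; API expects v{accepted_version}: "
                "check accessTokenAcceptedVersion on the API's app registration")
    return "ok"

def make_sample(ver: str, tid: str) -> str:
    """Build a constructed, unsigned sample token (placeholder signature)."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    claims = {"ver": ver, "tid": tid, "iss": ISSUER_BY_VERSION[ver].format(tid=tid)}
    return f"{header}.{b64url(json.dumps(claims).encode())}.c2ln"

TENANT = "00000000-0000-0000-0000-000000000000"  # constructed placeholder tenant ID

if __name__ == "__main__":
    for v in ("1.0", "2.0"):
        print(v, "->", check_issuer(read_claims(make_sample(v, TENANT)), TENANT))
```

In a real API, verify the signature against the tenant's published signing keys with a JWT library before trusting any of these claims.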