fix(providers): Add appid param to Azure AD wellKnown URL (#5138)

This fixes: #5137 Relevent documentation: > If the application has custom signing keys as a result of using the claims-mapping feature, append an appid query parameter that contains the application ID to get a jwks_uri that points to the signing key information of the application, which should be used for validation. https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-the-signature
nextauthjs · Aug 12, 2022 · a03657e · a03657e
1 parent 3e312d0
commit a03657e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/next-auth/src/providers/azure-ad.ts b/packages/next-auth/src/providers/azure-ad.ts
@@ -25,7 +25,7 @@ export default function AzureAD<P extends AzureADProfile>(
     id: "azure-ad",
     name: "Azure Active Directory",
     type: "oauth",
-    wellKnown: `https://login.microsoftonline.com/${tenant}/v2.0/.well-known/openid-configuration`,
+    wellKnown: `https://login.microsoftonline.com/${tenant}/v2.0/.well-known/openid-configuration?appid=${options.clientId}`,
     authorization: {
       params: {
         scope: "openid profile email",