From a03657e6154a164a37401ab3302294bf2f1a071e Mon Sep 17 00:00:00 2001
From: Moritz Kneilmann
Date: Fri, 12 Aug 2022 14:26:21 +0200
Subject: [PATCH] fix(providers): Add `appid` param to Azure AD `wellKnown` URL (#5138) This fixes: #5137 Relevent documentation: > If the application has custom signing keys as a result of using the claims-mapping feature, append an appid query parameter that contains the application ID to get a jwks_uri that points to the signing key information of the application, which should be used for validation. https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-the-signature
---
 packages/next-auth/src/providers/azure-ad.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/next-auth/src/providers/azure-ad.ts b/packages/next-auth/src/providers/azure-ad.ts
index b42097d9e0..915d9dbe6c 100644
--- a/packages/next-auth/src/providers/azure-ad.ts
+++ b/packages/next-auth/src/providers/azure-ad.ts
@@ -25,7 +25,7 @@ export default function AzureAD

(
 id: "azure-ad",
 name: "Azure Active Directory",
 type: "oauth",
- wellKnown: `https://login.microsoftonline.com/${tenant}/v2.0/.well-known/openid-configuration`,
+ wellKnown: `https://login.microsoftonline.com/${tenant}/v2.0/.well-known/openid-configuration?appid=${options.clientId}`,
 authorization: {
 params: {
 scope: "openid profile email",
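Review bot: On the added `wellKnown` line, `options.clientId` is interpolated into the query string without encoding, and this URL selects the discovery document whose `jwks_uri` is then trusted for signature validation. Azure application IDs are normally GUIDs, but the value comes from deployment configuration, so a stray `&`, `#` or whitespace would silently change which discovery document is fetched; `?appid=${encodeURIComponent(options.clientId)}` keeps the parameter well-formed. If `clientId` can be unset at this point (the options type is not visible in the hunk), the URL would carry `appid=undefined`, so a guard or an explicit error would be worth adding. The enclosing `AzureAD` function starts and ends outside the hunk.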