Azure AD token Issuer

Abhay Chandramouli 966 Reputation points
2024-05-10T03:36:53.0566667+00:00

Hi

What is the difference between sts.windows.net login.microsoft.online issuers in token ?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,849 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 28,191 Reputation points Microsoft Employee
    2024-05-10T05:44:55.6833333+00:00

    Hi @Abhay Chandramouli ,

    Thanks for reaching out.

    The sts.windows.net and login.microsoftonline.com are both Security Token Services (STS) that issue tokens for Azure Active Directory (Azure AD). The sts.windows.net is the original STS for Azure AD v1, while login.microsoftonline.com is a newer STS that was introduced to support newer authentication protocols like OpenID Connect. Both issuers can issue tokens for Azure AD, but the tokens issued by login.microsoftonline.com are generally newer and support more features.

    Both the sample tokens have been provided here - https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens#token-formats

    You can decode those tokens using jwt.ms and then compare the slightly varying claims of the tokens.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.