Azure AD token Issuer

Abhay Chandramouli 1,056 Reputation points
2024-05-10T03:36:53.0566667+00:00

Hi

What is the difference between sts.windows.net login.microsoft.online issuers in token ?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes

2 answers

Sort by: Most helpful
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2024-05-10T05:44:55.6833333+00:00

    Hi @Abhay Chandramouli ,

    Thanks for reaching out.

    The sts.windows.net and login.microsoftonline.com are both Security Token Services (STS) that issue tokens for Azure Active Directory (Azure AD). The sts.windows.net is the original STS for Azure AD v1, while login.microsoftonline.com is a newer STS that was introduced to support newer authentication protocols like OpenID Connect. Both issuers can issue tokens for Azure AD, but the tokens issued by login.microsoftonline.com are generally newer and support more features.

    Both the sample tokens have been provided here - https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens#token-formats

    You can decode those tokens using jwt.ms and then compare the slightly varying claims of the tokens.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    1 person found this answer helpful.

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.