Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
I am encountering an issue where the key ID (kid) used for token signing is not found during the On-Behalf-Of (OBO) flow validation. Here are the details of the problem:
Context:
kid that matches one of the keys only when the OpenID configuration is fetched with the appid query parameter ("{AUTHORITY}/.well-known/openid-configuration?appid={CLIENT_ID}").
Problem:
.well-known/openid-configuration), the kid in the token is not found in the JWKS keys.
appid query parameter in the OpenID configuration URL (e.g., .well-known/openid-configuration?appid={client-id}) am I able to retrieve the JWKS keys that contain the matching kid.
Specifics:
kid is validated against the JWKS keys only when the appid parameter is included, but OBO flow fails without being able to use a custom endpoint for validation.
Questions:
kid?
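An added example, not part of the original question: an offline check that reads the kid from a token header and reports which key set contains it, the one reached through the plain OpenID configuration URL or the one reached with the appid query parameter. The token, key sets, key IDs and authority value are constructed, and the function names are hypothetical.

```python
import base64
import json
from urllib.parse import urlencode

def discovery_url(authority, app_id=None):
    """OpenID configuration URL, with ?appid=<client id> when app_id is given."""
    url = authority.rstrip("/") + "/.well-known/openid-configuration"
    if app_id:
        url += "?" + urlencode({"appid": app_id})
    return url

def token_kid(jwt):
    """Read kid from the JWT header. This does not verify the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    raw = parts[0] + "=" * (-len(parts[0]) % 4)  # restore base64url padding
    kid = json.loads(base64.urlsafe_b64decode(raw)).get("kid")
    if not kid:
        raise ValueError("token header carries no kid")
    return kid

def locate_signing_key(jwt, jwks_by_source):
    """Return (kid, [labels of the key sets that contain that kid])."""
    kid = token_kid(jwt)
    hits = [label for label, jwks in jwks_by_source.items()
            if any(k.get("kid") == kid for k in jwks.get("keys", []))]
    return kid, hits

# --- Constructed sample data (not real keys, tokens or endpoints) ---
def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

SAMPLE_TOKEN = ".".join([_seg({"alg": "RS256", "kid": "app-key-9"}),
                         _seg({"aud": "api://example"}), "c2ln"])
DEFAULT_JWKS = {"keys": [{"kty": "RSA", "kid": "tenant-key-1"}]}  # plain URL
APP_JWKS = {"keys": [{"kty": "RSA", "kid": "app-key-9"}]}         # ?appid= URL

if __name__ == "__main__":
    authority = "https://login.example.invalid/TENANT"  # placeholder authority
    print(discovery_url(authority))
    print(discovery_url(authority, "CLIENT_ID"))
    kid, hits = locate_signing_key(
        SAMPLE_TOKEN, {"default": DEFAULT_JWKS, "with appid": APP_JWKS})
    print(f"kid {kid!r} found in: {hits or 'no key set'}")
```

Locating the key is only the lookup step; the token's signature, issuer and audience still have to be validated against the key that was found.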