Hi @prasadn · Thank you for reaching out.
This is expected behavior. The /common endpoint, is used for tenant discovery, which means when you go to /common endpoint and type username@ssss .com in the username field, you will be redirected to the tenant on the basis of your UPN suffix. In this case, you will be redirected to the tenant where example.com is added as custom domain. Eventually the token will be issued by the example.com tenant and the issuer claim in the token will look like "https://login.microsoftonline.com/tenant_id_of_example.com/v2.0"
Token issuer value can NOT be "https://login.microsoftonline.com/common/v2.0" in any case.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.