This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 2%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
I am trying to decode the Access tokens and ID tokens generated by Azure Active Directory.
I have been successful with the single tenant apps, but when decoding this type of app:
Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
I cannot find the public key corresponding to the "kid" I receive in the jwt header.
I have tried searching through the following discovery urls:
https://login.microsoftonline.com/{tenant_id}/discovery/keys
https://login.microsoftonline.com/common/discovery/keys
https://login.microsoftonline.com/{tenant_id}/discovery/keys?appid={client_id}
Please help me with the discovery url or the public key to use for these type of apps where the user can use any microsoft user account to sign in.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@Gautam Manoharan Can you share the response you received, https://login.microsoftonline.com/common/discovery/keys should have worked for you. We will try to check from our side once we have the response.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 65%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Hi @Gautam Manoharan Have u solved the above issue. I am also facing the same error. I cannot find token kid in the discovery/keys url. Plese let me know if u have solved this issue as I am also stuck here and cannot find any solution.
The kid I am getting inside the token is - X5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk.
but I cannot find this key inside /discovery/keys
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 69%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBL%3C/text%3E%3C/svg%3E)
Hi all, just been working on this problem. I'm presuming that you're using AAD B2C flows since I get the same kid. Try using this url - https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy-name} /discovery/v2.0/keys (policy name could B2C_1_SignIn for example). This should give the metadata of the user flow. Which should also include jwk_url, which should also have the correct key inside. :)