OpenID Connect 1.0


OpenID Connect 1.0 in Azure Active Directory (Azure AD) enables you to use the OAuth 2.0 protocol for single sign-on. OAuth 2.0 is an authorization protocol, but OpenID Connect extends OAuth 2.0 for use as an authentication protocol. A primary feature of the OpenID Connect protocol is that it returns an id_token, which is used to authenticate the user. For more information about OpenID Connect, see the specification, OpenID Connect Core 1.0.

Here is a sample OpenID Connect request to Azure AD:

In addition to the support for the id_token response type, we have added support for the following parameters in the request.




nonce: [Required] This value is used to protect against token replay attacks. The value provided in the request must match the nonce claim value that is returned in the id_token. This nonce must be unique to a user session and difficult to guess, such as a GUID.


response_mode: [Required] Indicates the encoding of the response. Supported values are fragment (URL fragment) and form_post (HTTP form POST).


The response_mode parameter is required, because the current default response encoding is in a query parameter. This behavior is incompatible with the specification and the default value is likely to change. To prevent your client from failing in the future, include the response_mode parameter in the request with a value of fragment or form_post.
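The following sketch shows how a client can handle the nonce and response_mode parameters described above. It is an added example, not code from Azure AD or its libraries. The endpoint URL, the session dictionary, the client ID, and the function names are assumptions made for illustration, and the id_token is assumed to have had its signature, issuer, audience, and expiry validated before the nonce check.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder endpoint (assumption): substitute your tenant's authorization endpoint.
AUTHORIZE_ENDPOINT = "https://login.example.invalid/authorize"


def build_auth_request(session, client_id, redirect_uri):
    """Create a per-session nonce, store it, and return the sign-in URL."""
    nonce = secrets.token_urlsafe(32)      # 256 bits from the OS CSPRNG
    session["oidc_nonce"] = nonce          # bound to this user session only
    params = {
        "response_type": "id_token",
        "response_mode": "form_post",      # explicit; do not rely on the default
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "nonce": nonce,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def check_nonce(session, claims):
    """Return True only if the id_token's nonce matches the stored one.

    `claims` must come from an id_token whose signature, issuer, audience
    and expiry have already been validated (not shown here).
    """
    expected = session.pop("oidc_nonce", None)   # single use: consumed on first check
    received = claims.get("nonce")
    if not expected or not isinstance(received, str):
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    session = {}   # constructed stand-in for a server-side session store
    url = build_auth_request(session, "constructed-client-id",
                             "https://app.example.invalid/cb")
    sent = parse_qs(urlparse(url).query)["nonce"][0]
    print(check_nonce(session, {"sub": "u1", "nonce": sent}))   # first delivery
    print(check_nonce(session, {"sub": "u1", "nonce": sent}))   # replayed token
```

Because the stored nonce is removed on the first check, a second presentation of the same id_token in that session fails even though its nonce claim is unchanged.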

See Also

OAuth 2.0 in Azure AD