OpenID Connect 1.0 in Azure Active Directory (Azure AD) enables you to use the OAuth 2.0 protocol for single sign-on. OAuth 2.0 is an authorization protocol, but OpenID Connect extends OAuth 2.0 for use as an authentication protocol. A primary feature of the OpenID Connect protocol is that it returns an id_token, which is used to authenticate the user. For more information about OpenID Connect, see the specification, OpenID Connect Core 1.0.
Here is a sample OpenID Connect request to Azure AD:
https://login.windows.net/common/oauth2/authorize?response_type=id_token&client_id=4ae4904e-e989-4755-8c74-f805d37cc8bd&scope=openid&nonce=7362CAEA-9CA5-4B43-9BA3-34D7C303EBA7&response_mode=form_post
In addition to the support for the id_token response type, we have added support for the following parameters in the request.
| Parameter | Description |
|---|---|
| nonce | [Required] This value is used to protect against token replay attacks. The value provided in the request must match the nonce claim value that is returned in the id_token. The nonce must be unique to a user session and difficult to guess, such as a GUID. |
| response_mode | [Required] Indicates the encoding of the response. Supported values are fragment (URL fragment) and form_post (HTTP form POST). |
Note
The response_mode parameter is required, because the current default response encoding is in a query parameter. This behavior is incompatible with the specification and the default value is likely to change. To prevent your client from failing in the future, include the response_mode parameter in the request with a value of fragment or form_post.
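The following is an added example (not from this page or from Microsoft's libraries) of the client side of the request above: it builds the id_token authorize URL with an explicit response_mode, generates a per-session nonce, and checks the nonce claim of the returned id_token against the stored value. The endpoint is the one shown on this page; the sample token and client id are constructed, and signature verification of the id_token is assumed to happen before the claims are trusted.

```python
import base64
import hmac
import json
import secrets
from urllib.parse import urlencode

AUTHORIZE_ENDPOINT = "https://login.windows.net/common/oauth2/authorize"
SUPPORTED_RESPONSE_MODES = {"fragment", "form_post"}


def generate_nonce() -> str:
    """Unguessable per-session nonce; persist it server-side before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id: str, nonce: str, response_mode: str) -> str:
    """Build the id_token request; response_mode is always sent explicitly."""
    if response_mode not in SUPPORTED_RESPONSE_MODES:
        raise ValueError(f"unsupported response_mode: {response_mode}")
    params = {"response_type": "id_token", "client_id": client_id,
              "scope": "openid", "nonce": nonce, "response_mode": response_mode}
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def _b64url(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token: str) -> dict:
    """Payload claims of a compact JWS; call only after its signature is verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a compact JWS")
    return json.loads(_b64url(parts[1]))


def nonce_matches(id_token: str, expected_nonce: str) -> bool:
    """Replay check: the nonce claim must equal the one stored for this session."""
    claim = id_token_claims(id_token).get("nonce")
    if not isinstance(claim, str):
        return False
    return hmac.compare_digest(claim.encode(), expected_nonce.encode())


def make_sample_id_token(claims: dict) -> str:
    """Constructed sample token with a dummy signature, for offline demonstration."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "RS256", "typ": "JWT"})}.{enc(claims)}.c2ln'
```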