public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge 41e0f4334a into 110d51d1d7

This commit is contained in:
Asif A Siddiqi 2025-10-28 16:06:52 +00:00 committed by GitHub
parent 110d51d1d7 41e0f4334a
commit 69248ba9f8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
providers/ms_entra_id.go
View File

@ -271,7 +271,16 @@ func (p *MicrosoftEntraIDProvider) getTenantFromToken(session *sessions.SessionS
return "", fmt.Errorf("unable to get claim extractor: %v", err)
}
value, exists, err := extractor.GetClaim("iss")
// Use tenant id (tid) provided within the payload claims of the id token
// https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference
value, exists, err := extractor.GetClaim("tid")
if exists && err == nil {
return value, nil
}
// Fall back to iss claim
value, exists, err = extractor.GetClaim("iss")
if !exists || err != nil {
return "", fmt.Errorf("iss claim does not exist in the token")