How can we improve Azure Active Directory?

Add CORS support for discovery and JSON Web Key Set endpoints

Adding CORS support to the following endpoints would allow them to be downloaded via a JavaScript application:
- https://login.microsoftonline.com/<tenantid>/v2.0/.well-known/openid-configuration
- https://login.microsoftonline.com/<tenantid>/discovery/v2.0/keys

The signatures for these endpoints could then be used to verify JWTs directly within the JavaScript.

43 votes

Anonymous shared this idea
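
What the request would enable, as an added example that is not part of the original post and is not Microsoft code: download the tenant's key set from the two endpoints above and check an RS256 signature with WebCrypto. `fetchJwks`, `verifyJwt`, `demo`, the `demo-kid` key id and the sample claims are assumptions for illustration; the demo signs with a locally generated key so it runs offline.

```javascript
// Added example (not from the original post). WebCrypto is global in browsers
// and Node 19+; the require() fallback covers older Node.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const enc = new TextEncoder(), dec = new TextDecoder();
const fromB64u = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));
const toB64u = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const jsonB64u = (obj) => toB64u(enc.encode(JSON.stringify(obj)));

// Browser-side key download. fetch() rejects here when a response lacks an
// Access-Control-Allow-Origin header that covers the calling origin.
async function fetchJwks(tenantId) {
  const base = `https://login.microsoftonline.com/${tenantId}`;
  const cfg = await (await fetch(`${base}/v2.0/.well-known/openid-configuration`)).json();
  return (await fetch(cfg.jwks_uri)).json();
}

// Checks the signature only; issuer, audience and expiry checks are the caller's job.
async function verifyJwt(token, jwks) {
  const [h, p, s, ...rest] = token.split('.');
  if (!h || !p || !s || rest.length) throw new Error('malformed JWT');
  const header = JSON.parse(dec.decode(fromB64u(h)));
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) throw new Error('no matching key');
  const key = await subtle.importKey('jwk', { kty: 'RSA', n: jwk.n, e: jwk.e },
    { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' }, false, ['verify']);
  const ok = await subtle.verify('RSASSA-PKCS1-v1_5', key, fromB64u(s), enc.encode(`${h}.${p}`));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(dec.decode(fromB64u(p)));
}

// Constructed offline sample: a throwaway key pair stands in for the tenant's key.
async function demo() {
  const alg = { name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };
  const { publicKey, privateKey } = await subtle.generateKey(alg, true, ['sign', 'verify']);
  const jwks = { keys: [{ ...(await subtle.exportKey('jwk', publicKey)), kid: 'demo-kid' }] };
  const head = jsonB64u({ alg: 'RS256', typ: 'JWT', kid: 'demo-kid' });
  const body = jsonB64u({ name: 'Alice' });
  const sig = toB64u(await subtle.sign(alg.name, privateKey, enc.encode(`${head}.${body}`)));
  const claims = await verifyJwt(`${head}.${body}.${sig}`, jwks);
  const forged = await verifyJwt(`${head}.${jsonB64u({ name: 'Mallory' })}.${sig}`, jwks)
    .then(() => 'accepted', (e) => e.message);
  return { claims, forged };
}
demo().then((r) => console.log(r));
```

In a page, `verifyJwt(idToken, await fetchJwks(tenantId))` is the call the missing CORS header blocks; the returned claims are suitable for display only, and the API still has to validate the token itself.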

8 comments

  • Anwar commented

    That's great, looking forward to it. I hope it will be completed as early as possible...

  • Jeremy Huckeba commented

    Adding CORS to the key server would be helpful to get OpenID Connect certified clients such as oidc-client-js (and redux-oidc) to work. It is a common scenario to decrypt the key on the client to obtain claims for display purposes and *ALSO* pass that key in cookies or the auth header to an API layer to be validated by the API.

  • Amine commented

    I see it's OK for .well-known/openid-configuration but NOK for /discovery/keys
