OpenID Connect

Question 1

What is the OpenID configuration document URI for an Azure ID tenant?

Answer 1

https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration

Question 2

What are the four variations of the tenant identifier?

Answer 2

• common
• organization
• consumers
• Tenant ID or {tenantname}.onmicrosoft.com

Question 3

Give an example of a sign-in request?

Answer 3

/authorize

GET https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=id_token
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=form_post
&scope=openid
&state=12345
&nonce=678910

Question 4

What are the steps involved in the authorisation code flow?

Answer 4

1. Client prepares an Authentication Request containing the desired request parameters.
2. Client sends the request to the Authorization Server.
3. Authorization Server Authenticates the End-User.
4. Authorization Server obtains End-User Consent/Authorization.
5. Authorization Server sends the End-User back to the Client with an Authorization Code.
6. Client requests a response using the Authorization Code at the Token Endpoint.
7. Client receives a response that contains an ID Token and Access Token in the response body.
8. Client validates the ID token and retrieves the End-User’s Subject Identifier.

Question 5

What are the two endpoints involved in the Authorisation code flow?

Answer 5

1. Authorization Endpoint (/authorize)
2. Token Endpoint (/token)