Add id_token support to microsoft oidc provider.

ory · Aug 15, 2024 · be931e3 · be931e3
1 parent 68693a4
commit be931e3
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/selfservice/strategy/oidc/provider_microsoft.go b/selfservice/strategy/oidc/provider_microsoft.go
@@ -6,6 +6,7 @@ package oidc
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"net/url"
 	"strings"
 
@@ -25,6 +26,7 @@ import (
 
 type ProviderMicrosoft struct {
 	*ProviderGenericOIDC
+	JWKSUrl string
 }
 
 func NewProviderMicrosoft(
@@ -36,6 +38,7 @@ func NewProviderMicrosoft(
 			config: config,
 			reg:    reg,
 		},
+		JWKSUrl: "https://login.microsoftonline.com/common/discovery/keys",
 	}
 }
 
@@ -127,3 +130,9 @@ type microsoftUnverifiedClaims struct {
 func (c *microsoftUnverifiedClaims) Valid() error {
 	return nil
 }
+
+func (p *ProviderMicrosoft) Verify(ctx context.Context, rawIDToken string) (*Claims, error) {
+	keySet := gooidc.NewRemoteKeySet(ctx, p.JWKSUrl)
+	ctx = gooidc.ClientContext(ctx, p.reg.HTTPClient(ctx).HTTPClient)
+	return verifyToken(ctx, keySet, p.config, rawIDToken, fmt.Sprintf("https://login.microsoftonline.com/%s/v2.0", p.config.Tenant))
+}