fix(providers): Add appid param to Azure AD wellKnown URL (#5138)

MoritzKn · web-flow · commit a03657e6154a · 2022-08-12T14:26:21.000+02:00
This fixes: #5137 Relevent documentation: > If the application has custom signing keys as a result of using the claims-mapping feature, append an appid query parameter that contains the application ID to get a jwks_uri that points to the signing key information of the application, which should be used for validation. https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-the-signature
diff --git a/packages/next-auth/src/providers/azure-ad.ts b/packages/next-auth/src/providers/azure-ad.ts
@@ -25,7 +25,7 @@ export default function AzureAD<P extends AzureADProfile>(
     id: "azure-ad",
     name: "Azure Active Directory",
     type: "oauth",
-    wellKnown: `https://login.microsoftonline.com/${tenant}/v2.0/.well-known/openid-configuration`,
+    wellKnown: `https://login.microsoftonline.com/${tenant}/v2.0/.well-known/openid-configuration?appid=${options.clientId}`,
     authorization: {
       params: {
         scope: "openid profile email",
