@asifsid asifsid commented Oct 10, 2025

Changed claim extraction from 'iss' to 'tid' with fallback.

Proposed fix to resolve this issue: #2939

Description

Added retrieval of the "tid" claim, returning it if available. Left the original logic in place as a fallback.

Motivation and Context

Entra tokens already provide the Tenant ID value in the "tid" claim. It would be simpler to get the tid value rather than trying to parse the Tenant ID from the issuer URL, which requires handling different issuer URL formats. The URL format currently only supports com cloud, so it will fail for all sovereign cloud tokens.

#2939

How Has This Been Tested?

I have not tested this. Submitting the fix to fast-track resolution of the issue since there are quite a few people reporting it and asking for an update.

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.
  • I have written tests for my code changes.

@asifsid asifsid requested a review from a team as a code owner October 10, 2025 21:49
Changed claim extraction from 'iss' to 'tid' with fallback.
@tuunit tuunit changed the title from "Update claim extraction logic in ms_entra_id.go" to "feat: extract entra tenant id from payload claims in id-token" Oct 28, 2025
asifsid and others added 2 commits October 28, 2025 09:01
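
The approach described in this PR (read "tid", fall back to the issuer URL), as an added Go example that is not the PR's or the project's code. The function names, the first-path-segment fallback and the sample tokens are assumptions constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// tenantIDFromIDToken (hypothetical name) prefers the "tid" claim and falls back
// to the issuer URL. It only decodes: verify the token's signature first.
func tenantIDFromIDToken(raw string) (string, error) {
	parts := strings.Split(raw, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("id token is not a three-part JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", fmt.Errorf("decode payload: %w", err)
	}
	var c struct{ Tid, Iss string } // encoding/json matches "tid"/"iss" case-insensitively
	if err := json.Unmarshal(payload, &c); err != nil {
		return "", fmt.Errorf("parse claims: %w", err)
	}
	if c.Tid != "" {
		return c.Tid, nil
	}
	// Fallback (assumed layout https://<any host>/<tenant>/...), not tied to a .com host.
	u, err := url.Parse(c.Iss)
	if err != nil || u.Host == "" {
		return "", fmt.Errorf("no tid claim and issuer %q is not a URL", c.Iss)
	}
	if seg := strings.Split(strings.Trim(u.Path, "/"), "/")[0]; seg != "" {
		return seg, nil
	}
	return "", fmt.Errorf("no tid claim and issuer %q has no tenant segment", c.Iss)
}

// makeToken builds a constructed, unsigned sample token ("e30" is base64url of "{}").
func makeToken(claims map[string]string) string {
	body, _ := json.Marshal(claims)
	return "e30." + base64.RawURLEncoding.EncodeToString(body) + ".sig"
}

func main() {
	tok := makeToken(map[string]string{"iss": "https://login.microsoftonline.us/00000000-0000-0000-0000-000000000001/v2.0"}) // constructed
	fmt.Println(tenantIDFromIDToken(tok))
}
```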