Key roll announcement


We are planning to conduct a key roll for Azure AD B2C's token signing key. The new key will be announced on August 9th in the key metadata and will roll on August 23rd. If your app uses a standards-compliant library for authenticating via OpenID Connect, the library should pick up the new key automatically and your app should continue to work normally.

Please note that in the new key, we are introducing a new standards-compliant parameter called key_ops (https://tools.ietf.org/html/rfc7517#section-4.3) in order to support additional types of key operations in the future. 

To see the new key, go to the OpenID Connect metadata URL, which looks like:

https://login.microsoftonline.com/<your tenant>/v2.0/.well-known/openid-configuration?p=<your policy>

Look for and open the jwks_uri:

"jwks_uri": "https://login.microsoftonline.com/<your tenant>.onmicrosoft.com/discovery/v2.0/keys?p=<your policy>"

The last key in the JSON returned from that jwks_uri will be the new key.
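
As an added example (not Microsoft's code and not part of the original announcement), here is one way a token validator can cope with the roll: it selects the verification key by the token's kid rather than by its position in the list, accepts the key_ops member, and re-fetches the JWKS when it meets an unknown kid. The resolver class, the fetch callback, the 300-second refresh floor and the sample keys are all assumptions constructed for illustration.

```python
import time

def usable_for_verify(jwk):
    """A JWK may verify signatures unless 'use' or 'key_ops' says otherwise (RFC 7517 4.2, 4.3)."""
    if jwk.get("use", "sig") != "sig":
        return False
    ops = jwk.get("key_ops")
    return ops is None or "verify" in ops

class SigningKeyResolver:
    """Caches a JWKS and re-fetches it when a token names an unknown kid."""
    def __init__(self, fetch_jwks, min_refresh_seconds=300, clock=time.monotonic):
        self._fetch = fetch_jwks              # callable returning the parsed JWKS document
        self._min_refresh = min_refresh_seconds
        self._clock = clock
        self._keys = {}
        self._last_fetch = None

    def _refresh(self):
        self._keys = {k["kid"]: k for k in self._fetch().get("keys", [])
                      if "kid" in k and usable_for_verify(k)}
        self._last_fetch = self._clock()

    def key_for(self, kid):
        if self._last_fetch is None:
            self._refresh()
        if kid not in self._keys:
            # Unknown kid: probably a key roll. Re-fetch, but rate-limit so that
            # tokens carrying made-up kids cannot force one fetch per request.
            if self._clock() - self._last_fetch >= self._min_refresh:
                self._refresh()
        return self._keys.get(kid)            # None means: reject the token

# Constructed sample metadata (not real keys), before and after the announcement.
OLD = {"kty": "RSA", "use": "sig", "kid": "old-key", "n": "AAAA", "e": "AQAB"}
NEW = {"kty": "RSA", "key_ops": ["verify"], "kid": "new-key", "n": "BBBB", "e": "AQAB"}
ENC = {"kty": "RSA", "key_ops": ["encrypt"], "kid": "enc-key", "n": "CCCC", "e": "AQAB"}

def demo():
    published = {"keys": [OLD]}
    now = [0.0]
    r = SigningKeyResolver(lambda: published, clock=lambda: now[0])
    results = [r.key_for("old-key") is OLD]
    published["keys"] = [OLD, ENC, NEW]          # new key announced in the metadata
    results.append(r.key_for("new-key"))         # inside the refresh floor: no re-fetch yet
    now[0] = 301.0
    results.append(r.key_for("new-key") is NEW)  # picked up after the re-fetch
    results.append(r.key_for("enc-key"))         # not a verification key: never cached
    return results
```

A validator that reads key_ops this way also keeps working if keys for other operations are published later, because only keys permitted to verify are ever used for signature checks.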

 

