{Profile} Use v2.0 authority to resolve tenant ID (#27892)

Azure · Jan 5, 2024 · 2548ad6 · 2548ad6
1 parent 2f9ac7c
commit 2548ad6
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/azure-cli/azure/cli/command_modules/profile/_validators.py b/src/azure-cli/azure/cli/command_modules/profile/_validators.py
@@ -12,20 +12,20 @@
 def validate_tenant(cmd, namespace):
     """
     Make sure tenant is a GUID. If domain name is provided, resolve to GUID.
-    https://docs.microsoft.com/azure/active-directory/develop/v2-protocols-oidc#fetch-the-openid-connect-metadata-document
+    https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc#find-your-apps-openid-configuration-document-uri
     """
     from azure.cli.core.util import is_guid
     if namespace.tenant is not None and not is_guid(namespace.tenant):
         import requests
         active_directory_endpoint = cmd.cli_ctx.cloud.endpoints.active_directory
-        url = '{}/{}/.well-known/openid-configuration'.format(active_directory_endpoint, namespace.tenant)
+        url = '{}/{}/v2.0/.well-known/openid-configuration'.format(active_directory_endpoint, namespace.tenant)
         response = requests.get(url, verify=not should_disable_connection_verify())
 
         if response.status_code != 200:
             from knack.util import CLIError
             raise CLIError("Failed to resolve tenant '{}'.\n\nError detail: {}".format(namespace.tenant, response.text))
 
-        # Example issuer: https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/
+        # Example issuer: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0
         tenant_id = response.json()['issuer'].split("/")[3]
         logger.debug('Resolved tenant domain name %s to GUID %s', namespace.tenant, tenant_id)
         namespace.tenant = tenant_id