Felix Storm

Unfortunately, it does still not work for me. It works fine as long as the user that logs in belongs to the same tenant that has been specified as `issuer`...

Thanks for reopening! I will try to provide both tokens over the weekend - do you need the full signed token in base64 format or would the JSON content be...

@bufferoverflow Here we go - a user from the same tenant that the application has been registered in: ``` {"aud"=>"2c621092-4e90-495a-ad0f-...", "iss"=> "https://login.microsoftonline.com/810017af-c1d4-4a3b-9e18-.../v2.0", "iat"=>1720283638, "nbf"=>1720283638, "exp"=>1720287538, "email"=>"[email protected]", "name"=>"Test User1", "nonce"=>"fd37265ba8330710ffe5496f...", "oid"=>"438f989f-1683-44b1-8013-...",...

> There is an issuer check: https://github.com/nov/openid_connect/blob/main/lib/openid_connect/response_object/id_token.rb#L26 so either pass the issuer we received to ignore it or add a list of valid issuers as config options should do the...