@jsoveral
Contributor

Added information about mtls_endpoint_aliases in OIDC metadata for Mutual-TLS Client Authentication.

@prmerger-automator
Contributor

@jsoveral : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@learn-build-service-prod
Contributor

Learn Build status updates of commit 3cb3d7c:

✅ Validation status: passed

| File | Status | Preview URL | Details |
| --- | --- | --- | --- |
| articles/app-service/configure-authentication-provider-openid-connect.md | ✅ Succeeded | | |

For more details, please refer to the build report.

@ttorble ttorble requested a review from Copilot November 20, 2025 16:10
Contributor

Copilot AI left a comment

Pull Request Overview

This PR updates the OIDC metadata documentation to inform users that mtls_endpoint_aliases is included in the metadata as part of Mutual-TLS Client Authentication support, referencing RFC 8705.

Key Changes:

  • Enhanced the OIDC metadata section with information about mtls_endpoint_aliases support for Mutual-TLS Client Authentication

> - Your app must provide the client secret if you want users to acquire access tokens using the interactive authorization code flow. If you don't want to acquire access tokens, you don't need to use a secret.
You also need the provider's OIDC metadata. This metadata is often exposed in a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) that you can get at the path formed by appending `/.well-known/openid-configuration` to the provider's issuer URL.
You also need the provider's OIDC metadata. This metadata is often exposed in a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) that you can get at the path formed by appending `/.well-known/openid-configuration` to the provider's issuer URL. We are including mtls_endpoint_aliases in the metadata as part of [Mutual-TLS Client Authentication](https://datatracker.ietf.org/doc/html/rfc8705).
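
Review bot: The added last sentence ("We are including mtls_endpoint_aliases in the metadata ...") does not say who "we" is or which metadata document it refers to, while the sentences before it are about the provider's metadata fetched from the provider's issuer URL. Name the subject explicitly, say whether the reader needs to do anything with the field, and put `mtls_endpoint_aliases` in code formatting to match `/.well-known/openid-configuration` earlier on the same line.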

Copilot AI Nov 20, 2025

[nitpick] The sentence structure is awkward with 'We are including' which implies the document author is implementing this feature. Consider rephrasing to: 'The metadata includes mtls_endpoint_aliases as part of Mutual-TLS Client Authentication.' This maintains a more neutral, descriptive tone appropriate for documentation.

Suggested change
You also need the provider's OIDC metadata. This metadata is often exposed in a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) that you can get at the path formed by appending `/.well-known/openid-configuration` to the provider's issuer URL. We are including mtls_endpoint_aliases in the metadata as part of [Mutual-TLS Client Authentication](https://datatracker.ietf.org/doc/html/rfc8705).
You also need the provider's OIDC metadata. This metadata is often exposed in a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) that you can get at the path formed by appending `/.well-known/openid-configuration` to the provider's issuer URL. The metadata includes `mtls_endpoint_aliases` as part of [Mutual-TLS Client Authentication](https://datatracker.ietf.org/doc/html/rfc8705).

@ttorble
Contributor

ttorble commented Nov 20, 2025

@cephalin

Can you review the proposed changes?

IMPORTANT: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@prmerger-automator prmerger-automator bot added the aq-pr-triaged tracking label for the PR review team label Nov 20, 2025