From e93b54046043ecb667dfa28fba3025dbc6f31f55 Mon Sep 17 00:00:00 2001
From: Sam Firke
Date: Fri, 16 May 2025 16:02:58 -0400
Subject: [PATCH 1/2] docs(security): update Azure config to use OAuth v2 endpoint
---
 docs/security.rst | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/docs/security.rst b/docs/security.rst
index 2c637ba804..954cff7f5b 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -331,16 +331,17 @@ Specify a list of OAUTH_PROVIDERS in **config.py** that you want to allow for yo
 "remote_app": {
 "client_id": "AZURE_APPLICATION_ID",
 "client_secret": "AZURE_SECRET",
- "api_base_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2",
+ "api_base_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2/v2.0",
 "client_kwargs": {
- "scope": "User.read name preferred_username email profile upn",
+ "scope": "email profile openid",
 "resource": "AZURE_APPLICATION_ID",
 # Optionally enforce signature JWT verification
 "verify_signature": False
 },
 "request_token_url": None,
- "access_token_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2/token",
- "authorize_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2/authorize",
+ "access_token_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2/v2.0/token",
+ "authorize_url": "https://login.microsoftonline.com/AZURE_TENANT_ID/oauth2/v2.0/authorize",
+ "jwks_uri": "https://login.microsoftonline.com/common/discovery/v2.0/keys",
 },
 },
 {
From b630d6288281ccede62c8ab9ee71c963b6ab46ea Mon Sep 17 00:00:00 2001
From: Sam Firke
Date: Fri, 16 May 2025 22:28:17 -0400
Subject: [PATCH 2/2] update sample azure config in OAuth example
---
 examples/oauth/config.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/examples/oauth/config.py b/examples/oauth/config.py
index 87ea00602e..3c70085257 100644
--- a/examples/oauth/config.py
+++ b/examples/oauth/config.py
@@ -72,18 +72,19 @@
 "remote_app": {
 "client_id": os.environ.get("AZURE_APPLICATION_ID"),
 "client_secret": os.environ.get("AZURE_SECRET"),
- "api_base_url": f"https://login.microsoftonline.com/{os.environ.get('AZURE_TENANT_ID')}/oauth2",
+ "api_base_url": f"https://login.microsoftonline.com/{os.environ.get('AZURE_TENANT_ID')}/oauth2/v2.0",
 "client_kwargs": {
- "scope": "User.read name preferred_username email profile upn",
+ "scope": "email profile openid",
 "resource": os.environ.get("AZURE_APPLICATION_ID"),
 },
 "request_token_url": None,
 "access_token_url": f"https://login.microsoftonline.com/"
 f"{os.environ.get('AZURE_TENANT_ID')}/"
- "oauth2/token",
+ "oauth2/v2.0/token",
 "authorize_url": f"https://login.microsoftonline.com/"
 f"{os.environ.get('AZURE_TENANT_ID')}/"
- f"oauth2/authorize",
+ f"oauth2/v2.0/authorize",
+ "jwks_uri": "https://login.microsoftonline.com/common/discovery/v2.0/keys",
 },
 },
 {
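Review bot: The added `jwks_uri` points at the `common` key set while `api_base_url`, `access_token_url` and `authorize_url` are all scoped to `AZURE_TENANT_ID`, and nothing in this example's `client_kwargs` sets `verify_signature`, so adding the key URL does not by itself show that the ID token signature is checked. For a single-tenant sample I would keep the key set tenant-scoped, `"jwks_uri": f"https://login.microsoftonline.com/{os.environ.get('AZURE_TENANT_ID')}/discovery/v2.0/keys",`, and set `"verify_signature": True` explicitly in `client_kwargs`; the docs/security.rst sample in the first patch carries the same `common` URL next to `"verify_signature": False`. The retained `"resource"` entry is a v1-endpoint parameter and is probably unnecessary now that the request is driven by scopes, which is worth confirming against a v2.0 login. The provider dict begins and ends outside the hunk.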