It’s described here: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#update-your-code-to-handle-multiple-issuer-values
In short, you have to enable multi-tenancy in your app on Azure, and then update the application code to handle the issuer right:
Therefore, a multi-tenant application can’t validate tokens just by matching the issuer value in the metadata with the
issuer value in the token. A multi-tenant application needs logic to decide which issuer values are valid and which are not based on the tenant ID portion of the issuer value.
I’m not sure. It feels like this might go against the OpenID specs. I think you might have to hack this.
One way is to pass in
:openid_configuration config option in the callback call where the issuer is dynamically set. We should probably discuss this in an issue at https://github.com/pow-auth/assent