This is foundamentally another issue with Azure, but different from the ones raised in the past regarding the problem with a different issuer returned by Azure.

It would be useful to be able to use a query string in the issuer URL, this is necessary with Azure B2C when policies are used .

In more details when a Azure policy is used the well known URL needs to be in this format:

https://login.microsoftonline.com//{tenantID}/v2.0/.well-known/openid-configuration?p={policyName}

Due to how the well known URL is built at the moment it is unfortunately not possible to add a parameter to the URL.

My proposal would be to allow the issuer to contain a query string (EG: https://login.microsoftonline.com/organizations/v2.0/?p={policyName}) or allow a third parameter to the NewProvider method. The second option would break backward compatibility so it might be more problematic.

I can work on this change myself if you think it might OK to include it in this library.