diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java
index 72c61451..c548fb73 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java
@@ -22,7 +22,7 @@ class AadInstanceDiscoveryProvider {
 private final static String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/v2.0/authorize";
 private final static String INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{host}:{port}/common/discovery/instance";
 private final static String INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE = "?api-version=1.1&authorization_endpoint={authorizeEndpoint}";
- private final static String HOST_TEMPLATE_WITH_REGION = "{region}.{host}";
+ private final static String HOST_TEMPLATE_WITH_REGION = "{region}.login.microsoft.com";
 private final static String SOVEREIGN_HOST_TEMPLATE_WITH_REGION = "{region}.{host}";
 private final static String REGION_NAME = "REGION_NAME";
 private final static int PORT_NOT_SET = -1;
@@ -47,7 +47,9 @@ class AadInstanceDiscoveryProvider {
 TRUSTED_HOSTS_SET.addAll(Arrays.asList(
 "login.windows.net",
- "login.microsoftonline.com"));
+ "login.microsoftonline.com",
+ "login.microsoft.com",
+ "sts.windows.net"));
 TRUSTED_HOSTS_SET.addAll(TRUSTED_SOVEREIGN_HOSTS_SET);
 }
@@ -187,8 +189,7 @@ private static String getRegionalizedHost(String host, String region) {
 // whereas sovereign cloud endpoints and any non-Microsoft authorities are assumed to follow another template
 if (TRUSTED_HOSTS_SET.contains(host) && !TRUSTED_SOVEREIGN_HOSTS_SET.contains(host)){
 regionalizedHost = HOST_TEMPLATE_WITH_REGION.
- replace("{region}", region).
- replace("{host}", host);
+ replace("{region}", region);
 } else {
 regionalizedHost = SOVEREIGN_HOST_TEMPLATE_WITH_REGION.
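Review bot: With `HOST_TEMPLATE_WITH_REGION` now fixed to `{region}.login.microsoft.com`, `region` is the only variable part of the public-cloud host, and nothing in the visible lines checks it before the `replace("{region}", region)` call in getRegionalizedHost (third hunk, whose body continues outside this diff). The `REGION_NAME` constant suggests the value may come from the environment, though the lookup is not shown here; a value that is not a plain DNS label would change which host the request is sent to. I would reject or ignore such values before substitution, e.g. `if (!region.matches("[A-Za-z0-9-]+")) throw new IllegalArgumentException("invalid region");` or a fallback to the non-regional host. The constant also deserves a comment now that it no longer contains `{host}`, such as `// public-cloud regional endpoints always live under login.microsoft.com, whichever trusted alias was configured`.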
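Review bot: The two hosts added to `TRUSTED_HOSTS_SET` carry no comment saying why they are trusted, and the set decides more than one thing. In getRegionalizedHost (third hunk) membership selects the public-cloud template, so authorities on `login.microsoft.com` and `sts.windows.net` will now be rewritten to `{region}.login.microsoft.com`; if the set is also consulted to skip instance-discovery validation (not visible in this diff), the addition widens what is accepted without a network check. A comment above the list, e.g. `// public-cloud aliases; with a region set, all of these resolve to {region}.login.microsoft.com`, plus a test asserting the regional host for each of the four entries, would pin the intent.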