I'm seeing tokens issued from login.microsoftonline do have an issuer sts.windows.net. However, metadocs from the login.microsoftonline domain do not match this issuer which causes token validation issues. For example, here's one of my metadocs:
https://login.microsoftonline.com/e8513859-fd27-4b85-b275-b2f61ada8ac4/v2.0/.well-known/openid-configuration You'll notice that, at the time of this writing, the issuer is not a sts.windows.net-based domain. I posted a discussion about this in the Azure AD tech forum if you'd like to take a look, or if you know a good person to forward this to that would also be helpful. Thanks!
https://social.msdn.microsoft.com/Forums/en-US/08199c62-f2ce-4e1d-adf8-ff7fd1c3064a/issuer-in-loginmicrosoftonlinecom-meta-document-does-not-match-token-issuer?forum=WindowsAzureAD
Microsoft
