Forum Discussion
OIDC Azure Signing Key Rollover Guidance
We're having some issues with manually obtaining the correct certificate thumbprints after signing keys are rolled over. We're using OpenID Connect to authenticate users via Azure AD and then forwarding their authorised details on to an AWS Cognito Identity Pool, which requires all the correct thumbprints to be configured in order to verify the token that has been provided.
We have followed the steps provided by AWS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html) to obtain a thumbprint; however, this only ever results in one, whereas clearly there should be two or more.
What is the correct way to obtain the right thumbprints? The guidance here https://docs.microsoft.com/en-us/previous-versions/azure/dn641920(v=azure.100)?redirectedfrom=MSDN#manually-retrieve-the-latest-key-and-update-your-application is outdated.
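
Added example, not part of the original post and not AWS or Microsoft code: the linked AWS steps hash a certificate from the TLS chain of the host serving the provider's `jwks_uri` (the last certificate in the `openssl s_client -showcerts` output), so each run yields one thumbprint per chain. The sketch below reproduces that calculation offline and checks it against a configured thumbprint list; the function names are hypothetical and the sample input is constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

# Constructed stand-in for `openssl s_client -showcerts` output. The base64
# bodies are placeholder bytes ("xyz" and "abc"), not real certificates.
SAMPLE_SHOWCERTS = """\
Certificate chain
 0 s:CN = leaf.example (constructed)
-----BEGIN CERTIFICATE-----
eHl6
-----END CERTIFICATE-----
 1 s:CN = Intermediate CA (constructed)
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def chain_thumbprints(showcerts_output: str) -> list[str]:
    """SHA-1 over each certificate's DER bytes, 40 lowercase hex chars, chain order."""
    prints = []
    for body in PEM_BLOCK.findall(showcerts_output):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha1(der).hexdigest())
    if not prints:
        raise ValueError("no PEM certificate blocks found")
    return prints


def provider_thumbprint(showcerts_output: str) -> str:
    """The value the AWS steps arrive at: the last certificate in the output."""
    return chain_thumbprints(showcerts_output)[-1]


def is_configured(configured: list[str], showcerts_output: str) -> bool:
    """True if the current thumbprint is in the configured list.

    Accepts openssl's colon-separated uppercase form as well as bare hex.
    """
    wanted = provider_thumbprint(showcerts_output)
    return wanted in {t.replace(":", "").strip().lower() for t in configured}
```

Running `is_configured` on freshly captured `-showcerts` output shows whether the serving chain has changed relative to the thumbprints currently configured on the provider.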