I have created an app through the Windows developer console, and I'm trying to use OpenID Connect/OAuth 2.0 to allow the user to log in to the app using Windows Live Login. It works when I use Azure AD, but I have to add each Windows Live account to my Azure AD tenant, and what I am looking for is allowing any user with a Windows Live account to log in to my app.
When I use Windows Live, I set up my OID RP with the client_id that is provided to me by the Windows App developer console. The problem is that it works all the way through, until I get the id_token from Windows Live. The problem is that the client_id I get back in the ID token has zeros prefixed to my client ID. So for example, if my client ID in the developer console is 000001234, the client_id I get back in the id_token from Windows Live is 0000000-00000000-0000-000001234. At that point OIDC fails (as it should), because the client_id returned in the id_token is different from the client_id that requested the token.
It's so close to being there, I just need this last bug fixed, and I'll be good to go. As an additional note, the client IDs that are delivered through Azure apps have the zeros populated, i.e. the client IDs seem to match the format that's returned by Windows Live in the client_id value with the prefixed digits.
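To make the failure described above concrete, here is an added example (not code from the question, the answer, or mod_auth_openidc) of the RP-side id_token claim checks from OIDC Core 3.1.3.7, run against two constructed tokens: one whose `aud` carries the zero-padded value Windows Live returned, and one whose `aud` matches the registered client_id exactly. The issuer URL, timestamp and nonce are constructed placeholders, the tokens are unsigned for illustration only, and a real RP must verify the signature against the issuer's JWKS before trusting any claim.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_id_token(claims: dict) -> str:
    """Build a constructed, UNSIGNED id_token for illustration only.
    A real RP verifies the RS256 signature against the issuer's JWKS first."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."

def validate_id_token_claims(id_token: str, expected_iss: str, client_id: str,
                             expected_nonce: str, now: int, skew: int = 60) -> list:
    """Return a list of failure reasons; an empty list means the claims are acceptable."""
    claims = json.loads(_b64url_decode(id_token.split(".")[1]))
    failures = []
    if claims.get("iss") != expected_iss:
        failures.append("iss mismatch")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    # aud must contain our client_id as an exact string. Do not "normalise" (e.g. strip
    # leading zeros or a prefix) to paper over the mismatch: that would also accept
    # tokens minted for a different client.
    if client_id not in aud_list:
        failures.append(f"aud {aud!r} does not match client_id {client_id!r}")
    if len(aud_list) > 1 and claims.get("azp") != client_id:
        failures.append("multiple audiences but azp is not our client_id")
    if not isinstance(claims.get("exp"), int) or now > claims["exp"] + skew:
        failures.append("exp missing or token expired")
    if not isinstance(claims.get("iat"), int) or claims["iat"] > now + skew:
        failures.append("iat missing or in the future")
    if claims.get("nonce") != expected_nonce:
        failures.append("nonce mismatch (possible replay)")
    return failures

ISSUER = "https://issuer.example"  # constructed placeholder, not the real Windows Live issuer
NOW = 1_440_000_000                # constructed timestamp
MY_CLIENT_ID = "000001234"         # the client_id from the question

def demo():
    """Validate the zero-padded token from the question and an exact-match token."""
    base = {"iss": ISSUER, "sub": "user-1", "exp": NOW + 3600, "iat": NOW, "nonce": "n-1"}
    padded = make_unsigned_id_token({**base, "aud": "0000000-00000000-0000-000001234"})
    exact = make_unsigned_id_token({**base, "aud": MY_CLIENT_ID})
    return (validate_id_token_claims(padded, ISSUER, MY_CLIENT_ID, "n-1", NOW),
            validate_id_token_claims(exact, ISSUER, MY_CLIENT_ID, "n-1", NOW))
```

Running `demo()` returns one failure for the padded token (the aud mismatch the question describes) and none for the exact-match token; the correct fix is on the issuer/registration side, not loosening this comparison.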
So I finally found the solution to this. Thanks to Hans Zandbelt, the author of mod_auth_openidc, for sending me this link: http://blogs.technet.com/b/ad/archive/2015/08/12/azure-ad-microsoft-account-preview-sign-in-personal-and-work-accounts-using-a-single-stack.aspx. It took a bit of finagling, but I got it to work. Keep in mind I got it working against their preview version, so it may change, but I posted the details of how to solve this on my blog.