oidc/azure: add a note to get v2 tokens

wasaga · web-flow · commit 57351609426e · 2024-12-10T12:32:29.000-05:00
Adds a note to obtain V2 tokens in Microsoft Entra.
diff --git a/content/docs/identity-providers/azure.mdx b/content/docs/identity-providers/azure.mdx
@@ -90,6 +90,12 @@ You will use the [**Group ID**](https://docs.microsoft.com/en-us/graph/api/group
 
 :::
 
+:::note
+
+Pomerium uses v2.0 Entra Access Token, make sure your application manifest has [`accessTokenAcceptedVersion`](https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest#accesstokenacceptedversion-attribute) set to `2`. If you use Terraform to configure your Entra application, set [`requested_access_token_version = 2`](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/application.html#requested_access_token_version-1) of an `azuread_application`.
+
+:::
+
 1. From the **App registrations** page, select **API permissions**:
 
    - Select **+ Add a permission**, then **Microsoft Graph API**
