@@ -22,7 +22,7 @@ class AadInstanceDiscoveryProvider {
2222 private final static String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/v2.0/authorize" ;
2323 private final static String INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{host}:{port}/common/discovery/instance" ;
2424 private final static String INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE = "?api-version=1.1&authorization_endpoint={authorizeEndpoint}" ;
25- private final static String HOST_TEMPLATE_WITH_REGION = "{region}.{host} " ;
25+ private final static String HOST_TEMPLATE_WITH_REGION = "{region}.login.microsoft.com " ;
2626 private final static String SOVEREIGN_HOST_TEMPLATE_WITH_REGION = "{region}.{host}" ;
2727 private final static String REGION_NAME = "REGION_NAME" ;
2828 private final static int PORT_NOT_SET = -1 ;
@@ -47,7 +47,9 @@ class AadInstanceDiscoveryProvider {
4747
4848 TRUSTED_HOSTS_SET .addAll (Arrays .asList (
4949 "login.windows.net" ,
50- "login.microsoftonline.com" ));
50+ "login.microsoftonline.com" ,
51+ "login.microsoft.com" ,
52+ "sts.windows.net" ));
5153
5254 TRUSTED_HOSTS_SET .addAll (TRUSTED_SOVEREIGN_HOSTS_SET );
5355 }
@@ -187,8 +189,7 @@ private static String getRegionalizedHost(String host, String region) {
187189 // whereas sovereign cloud endpoints and any non-Microsoft authorities are assumed to follow another template
188190 if (TRUSTED_HOSTS_SET .contains (host ) && !TRUSTED_SOVEREIGN_HOSTS_SET .contains (host )){
189191 regionalizedHost = HOST_TEMPLATE_WITH_REGION .
190- replace ("{region}" , region ).
191- replace ("{host}" , host );
192+ replace ("{region}" , region );
192193
193194 } else {
194195 regionalizedHost = SOVEREIGN_HOST_TEMPLATE_WITH_REGION .
0 commit comments