Description
Hello. I'm looking for some troubleshooting help.
go-oidc doesn't seem to play nice with Azure Active Directory v1 endpoints.
Working: AADv2 endpoints (issuer=https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47, config=https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/.well-known/openid-configuration) + Kubernetes + OIDC
Only partially working: AADv1 endpoints (issuer=https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/, config=https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/.well-known/openid-configuration) + Kubernetes + OIDC
If I only add an id_token then it uses it as-is and it works.
If I also add the refresh_token then I get the verification error shown.
$ k get nodes
Unable to connect to the server: unable to acquire valid JWT: oidc: unable to verify JWT signature: no matching keys
I'm not sure where to look first. For the AADv1 endpoint, the issuer URL is: https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/
(trailing slash is important) which puts the OIDC config at: https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/.well-known/openid-configuration
How can I determine if this is a bug in go-oidc or a bug in how AADv1 endpoints are configured?
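A first triage step for a "no matching keys" result, given here as an added example that is not part of the original issue, of go-oidc, or of Azure AD: decode the token's header and iss claim without verifying the signature, then compare them byte for byte against the configured issuer, the discovery document's issuer field and the key ids in the JWKS the verifier would fetch. The sample issuer is the AADv1 one quoted above, trailing slash included; the jwks_uri, the key ids and the token contents are constructed placeholders, and the program makes no claim about how go-oidc itself selects keys.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Discovery is the subset of the OpenID discovery document this check reads.
type Discovery struct {
	Issuer  string `json:"issuer"`
	JwksURI string `json:"jwks_uri"`
}

// JWK is the subset of a JSON Web Key this check reads (only the key id).
type JWK struct {
	Kid string `json:"kid"`
	Kty string `json:"kty"`
}

// JWKS is the document served at jwks_uri.
type JWKS struct {
	Keys []JWK `json:"keys"`
}

// Report is the outcome of comparing one token against the provider metadata.
type Report struct {
	Kid                    string
	IssClaim               string
	IssuerMatchesDiscovery bool // configured issuer == discovery "issuer" (byte for byte)
	IssuerMatchesClaim     bool // configured issuer == token "iss" (byte for byte)
	KidFound               bool // token "kid" appears in the JWKS
}

// MakeUnsignedToken builds a compact JWT with the given kid and iss and a
// placeholder signature. It exists only to construct sample input; the
// signature is not valid and nothing here verifies it.
func MakeUnsignedToken(kid, iss string) string {
	enc := func(v interface{}) string {
		b, _ := json.Marshal(v)
		return base64.RawURLEncoding.EncodeToString(b)
	}
	header := map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid}
	claims := map[string]string{"iss": iss, "sub": "constructed-sample"}
	sig := base64.RawURLEncoding.EncodeToString([]byte("not-a-real-signature"))
	return enc(header) + "." + enc(claims) + "." + sig
}

// parseUnverified reads the kid header and the iss claim of a compact JWT
// without checking the signature.
func parseUnverified(token string) (kid, iss string, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", "", errors.New("expected a compact JWS with three segments")
	}
	var header struct {
		Kid string `json:"kid"`
	}
	var claims struct {
		Iss string `json:"iss"`
	}
	hb, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", "", fmt.Errorf("header: %w", err)
	}
	if err := json.Unmarshal(hb, &header); err != nil {
		return "", "", fmt.Errorf("header: %w", err)
	}
	cb, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", "", fmt.Errorf("claims: %w", err)
	}
	if err := json.Unmarshal(cb, &claims); err != nil {
		return "", "", fmt.Errorf("claims: %w", err)
	}
	return header.Kid, claims.Iss, nil
}

// Diagnose answers the two questions a "no matching keys" error raises: is the
// issuer string (trailing slash included) consistent between configuration,
// discovery document and token, and does the JWKS contain the kid the token names?
func Diagnose(configuredIssuer string, disc Discovery, keys JWKS, token string) (Report, error) {
	kid, iss, err := parseUnverified(token)
	if err != nil {
		return Report{}, err
	}
	r := Report{
		Kid:                    kid,
		IssClaim:               iss,
		IssuerMatchesDiscovery: disc.Issuer == configuredIssuer,
		IssuerMatchesClaim:     iss == configuredIssuer,
	}
	for _, k := range keys.Keys {
		if k.Kid != "" && k.Kid == kid {
			r.KidFound = true
			break
		}
	}
	return r, nil
}

// Constructed sample metadata: the AADv1 issuer from the report (with its
// trailing slash) and a JWKS with one assumed key id. The jwks_uri and the
// kids are placeholders, not values taken from the provider.
var (
	sampleIssuer    = "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/"
	sampleDiscovery = Discovery{Issuer: sampleIssuer, JwksURI: "https://example.invalid/discovery/keys"}
	sampleJWKS      = JWKS{Keys: []JWK{{Kid: "kid-published-1", Kty: "RSA"}}}
)

func main() {
	cases := map[string]string{
		"kid present, issuer with slash":   MakeUnsignedToken("kid-published-1", sampleIssuer),
		"kid not in JWKS":                  MakeUnsignedToken("kid-from-other-keyset", sampleIssuer),
		"iss claim without trailing slash": MakeUnsignedToken("kid-published-1", strings.TrimSuffix(sampleIssuer, "/")),
	}
	for name, tok := range cases {
		r, err := Diagnose(sampleIssuer, sampleDiscovery, sampleJWKS, tok)
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		fmt.Printf("%-34s kid=%q found=%v issuer ok: discovery=%v claim=%v\n",
			name, r.Kid, r.KidFound, r.IssuerMatchesDiscovery, r.IssuerMatchesClaim)
	}
}
```

To use it on the real setup, replace the sample discovery document and JWKS with the ones fetched from the AADv1 .well-known URL and its jwks_uri, and run it once against the id_token that works and once against the token obtained after the refresh. A kid absent from that JWKS, or an iss that differs from the configured issuer only by the trailing slash, is a provider-side or configuration-side lead to chase first; a token whose kid and iss both check out leaves the library's own verification path as the more likely place to look.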