OIDC Claims Inspector
Entra ID v2 • Auth Code + PKCE • Session-only tokens • Proxy-aware
Operating model
- Validates what your application actually receives in the ID token for member vs B2B guest users.
- Expected B2B behavior: UPN may be missing or be
#EXT#@<tenant>.onmicrosoft.com.
- Identity anchor:
oid + tid (stable within your tenant).
Register redirect URI in Entra:
https://openidcheck.traxion.com/index.php?action=callback
Proxy requirement: ensure your edge forwards Host and sets X-Forwarded-Proto: https so sessions + HTTPS detection remain consistent.