![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 57.00000000000001%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETN%3C/text%3E%3C/svg%3E)
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
Hello !
You can’t directly make the Entra fpc cookie a session cookie from the Azure OAuth token endpoint. fpc is a Microsoft managed cookie used for tracking, throttling or protection and its behavior isn’t exposed as a tenant setting. If you change it, that would have to be done in your own proxy, with some risk of breaking supported sign in behavior.
You can find in the doc below that cookie handling issues can affect SSO and sign out.
For the token identifier, Microsoft Entra uses uti, which is documented as equivalent to JWT jti.
If your token does not contain a literal jti, Entra does not provide a supported way to map or copy the restricted uti claim into a custom jti claim. If a downstream service strictly requires jti, the usual workaround is to validate the Entra token in your own service and issue your own JWT containing jti.