fix ClientAuthMiddleware

Management/Security/ClientAuthMiddleware.cs

@@ -277,7 +277,11 @@ public sealed class ClientAuthMiddleware
             var validationParams = new TokenValidationParameters
             {
                 ValidateIssuer    = true,
-                ValidIssuers      = new[] { $"{instance.TrimEnd('/')}/{tenantId}/v2.0" },
+                ValidIssuers      = new[]
+                {
+                    $"https://login.microsoftonline.com/{tenantId}/v2.0",
+                    $"https://sts.windows.net/{tenantId}/"
+                },
                 ValidateAudience  = true,
                 ValidAudiences    = new[] { clientId, $"api://{clientId}" },
                 ValidateLifetime  = true,