docs: clarify decode-only id token behavior

Agent-Logs-Url: https://github.com/AzureAD/microsoft-authentication-library-for-python/sessions/d56329c6-d8ad-4440-8617-3df24459fed0

Co-authored-by: bgavrilMS <12273384+bgavrilMS@users.noreply.github.com>

Author: Copilot

msal/oauth2cli/oidc.py

@@ -81,6 +81,9 @@ def decode_id_token(id_token, client_id=None, issuer=None, nonce=None, now=None)
     per `specs <https://openid.net/specs/openid-connect-core-1_0.html#IDToken>`_
     and it may contain other optional content such as "preferred_username",
     `maybe more <https://openid.net/specs/openid-connect-core-1_0.html#Claims>`_
+
+    The optional parameters ``client_id``, ``issuer``, ``nonce``, and ``now``
+    are ignored and only kept for backward compatibility.
     """
     return json.loads(decode_part(id_token.split('.')[1]))
 
@@ -144,9 +147,7 @@ def obtain_token_by_authorization_code(self, code, nonce=None, **kwargs):
         plus new parameter(s):
 
         :param nonce:
-            Optional. If you provided a nonce when calling
-            :func:`build_auth_request_uri`, you may still pass it here for
-            backward compatibility.
+            Optional. Ignored and only kept for backward compatibility.
         """
         warnings.warn(
             "Use obtain_token_by_auth_code_flow() instead", DeprecationWarning)

tests/test_oidc.py

@@ -99,7 +99,7 @@ def test_id_token_should_ignore_validation_parameters(self):
             ), {
                 "iss": "issuer",
                 "iat": 1706570732,
-                "exp": 1674948332,  # 2023-1-28
+                "exp": 1674948332,  # 2023-01-28
                 "aud": "foo",
                 "sub": "subject",
             })