When trying to set up Azure as an IdP with the "OAuth 2.0 / OpenID Connect" authentication module, a "parameter code not valid" message is received on the redirect from Azure back to OpenAM. The following check in OAuthProxy.java appears to be the cause:
There is a 512-character limit on the code, but Azure sends codes longer than that. Note that similar checks are also made in ConsumerRequest.java and OAuth.java.
It is recommended that the limit be increased to 2000, in line with the URL length limits of modern web browsers, or that it be made configurable through an advanced option.
A ForgeRock partner has confirmed that raising the character limit to a much higher value fixes the problem with Azure.
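As an added illustration of the recommended change (this is example code written for this report, not OpenAM's own code, and the class, constant and method names are assumptions), the check below keeps a length limit but makes it a constructor parameter with an assumed default of 2000, caps it with an assumed hard ceiling so a misconfiguration cannot disable the check, and additionally restricts the code to the RFC 6749 VSCHAR character set (printable ASCII 0x20-0x7E). The 600-character code used in main() is constructed to resemble the longer codes Azure is reported to send; it is not real data.

```java
import java.util.regex.Pattern;

/**
 * Hypothetical replacement for the fixed 512-character "code" check described
 * in this report. Illustration only: not OpenAM's own code; all names are assumptions.
 */
public final class AuthCodeValidator {

    /** Assumed default, chosen to match common browser URL length limits. */
    public static final int DEFAULT_MAX_CODE_LENGTH = 2000;

    /** Assumed hard ceiling so an advanced option cannot switch the check off entirely. */
    public static final int ABSOLUTE_MAX_CODE_LENGTH = 8192;

    /**
     * RFC 6749 defines the authorization code as 1*VSCHAR (printable ASCII 0x20-0x7E).
     * Anything outside that range is rejected regardless of length.
     */
    private static final Pattern VSCHAR = Pattern.compile("^[\\x20-\\x7E]+$");

    private final int maxCodeLength;

    public AuthCodeValidator(int maxCodeLength) {
        if (maxCodeLength < 1 || maxCodeLength > ABSOLUTE_MAX_CODE_LENGTH) {
            throw new IllegalArgumentException("max code length out of range: " + maxCodeLength);
        }
        this.maxCodeLength = maxCodeLength;
    }

    /**
     * Returns true if the code is acceptable for forwarding to the IdP's token endpoint.
     * The code is treated as opaque: it is checked for length and character set only,
     * never interpreted.
     */
    public boolean isValid(String code) {
        if (code == null || code.isEmpty()) {
            return false;
        }
        if (code.length() > maxCodeLength) {
            return false;
        }
        return VSCHAR.matcher(code).matches();
    }

    /** Builds a constructed code of the given length from URL-safe characters; not real IdP data. */
    static String constructedLongCode(int length) {
        String alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.";
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(alphabet.charAt(i % alphabet.length()));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed 600-character code, longer than the old 512 limit.
        String azureLikeCode = constructedLongCode(600);

        AuthCodeValidator legacy = new AuthCodeValidator(512);
        AuthCodeValidator raised = new AuthCodeValidator(DEFAULT_MAX_CODE_LENGTH);

        System.out.println("512 limit accepts 600-char code:  " + legacy.isValid(azureLikeCode));
        System.out.println("2000 limit accepts 600-char code: " + raised.isValid(azureLikeCode));
        System.out.println("2000 limit accepts CRLF in code:  " + raised.isValid("abc\r\ndef"));
        System.out.println("2000 limit accepts empty code:    " + raised.isValid(""));
    }
}
```

Raising the limit alone addresses the Azure redirect; the character-set check is the part of the validation that actually matters for injection into the subsequent token request, so it should stay in place whatever the configured length becomes.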