Amit Shrivastava

Reputation: 11

Accessing AzureAD API using google OAuth2 client library for java

My project requires integration with G-Suite and AzureAD directory. Both of them support OAuth2 as explained here and here.

I want to access the G-Suite and AzureAD APIs with the Google OAuth2 client. I have a few questions about this:

  1. Is it possible to access AzureAD API using google-oauth-api-client?

  2. Is there any library which can be used with G-Suite SDK and AzureAD?

I don't want to use a separate library for each provider I integrate, be it G-Suite, AzureAD, SalesForce or anything else that supports OAuth2.

Upvotes: 0

Views: 271

Answers (1)

Amit Shrivastava

Reputation: 11

The Google OAuth2 client library can be used to authenticate against any OAuth2 provider by adding the following two classes:

import com.google.api.client.auth.oauth2.TokenRequest;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;

import java.io.IOException;
import java.util.Map;

public class ClientUsernamePasswordTokenRequest extends TokenRequest {

    /**
     * @param transport      HTTP transport
     * @param jsonFactory    JSON factory
     * @param tokenServerUrl token server URL
     * @param grantType      grant type ({@code "authorization_code"}, {@code "password"},
     *                       {@code "client_credentials"}, {@code "refresh_token"} or absolute URI of the
     *                       extension grant type)
     */
    public ClientUsernamePasswordTokenRequest(HttpTransport transport, JsonFactory jsonFactory, GenericUrl tokenServerUrl, String grantType) {
        super(transport, jsonFactory, tokenServerUrl, grantType);
    }

    /** Sends the token request and maps the JSON response onto a {@link TokenResponse}. */
    @Override
    public TokenResponse execute() throws IOException {
        return convertStringToObject(executeUnparsed().parseAs(Map.class));
    }

    /** Copies the token fields out of the parsed JSON map; absent fields stay {@code null}. */
    private TokenResponse convertStringToObject(Map<?, ?> content) {
        TokenResponse tokenResponse = new TokenResponse();
        String tokenType = (String) content.get("token_type");
        tokenResponse.setTokenType(tokenType);
        String scope = (String) content.get("scope");
        tokenResponse.setScope(scope);
        String accessToken = (String) content.get("access_token");
        tokenResponse.setAccessToken(accessToken);
        String refreshToken = (String) content.get("refresh_token");
        tokenResponse.setRefreshToken(refreshToken);
        return tokenResponse;
    }
}

and

package com.identityforge.idfserver.backend.rest.auth;

import com.google.api.client.http.HttpExecuteInterceptor;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.util.Data;
import com.google.api.client.util.Preconditions;

import java.util.Map;

public class ClientParametersAuthentication implements HttpRequestInitializer, HttpExecuteInterceptor {

    /**
     * Client identifier issued to the client during the registration process.
     */
    private final String clientId;

    /**
     * Resource owner's password (required).
     */
    private final String password;

    /**
     * Resource owner's username (required).
     */
    private final String username;

    /**
     * Resource for which access is requested, or {@code null} for none.
     */
    private final String resource;

    /**
     * Client secret, or {@code null} for none.
     */
    private final String clientSecret;

    /**
     * @param clientId     client identifier issued to the client during the registration process
     * @param password     resource owner's password
     * @param username     resource owner's username
     * @param resource     resource for which access is requested, or {@code null} for none
     * @param clientSecret client secret, or {@code null} for none
     */
    public ClientParametersAuthentication(String clientId, String password, String username, String resource, String clientSecret) {
        this.clientId = Preconditions.checkNotNull(clientId);
        this.password = Preconditions.checkNotNull(password);
        this.username = Preconditions.checkNotNull(username);
        this.resource = resource;
        this.clientSecret = clientSecret;
    }

    @Override
    public void initialize(HttpRequest request) {
        request.setInterceptor(this);
    }

    /**
     * Adds the client and resource-owner credentials to the form-encoded token request body.
     */
    @Override
    public void intercept(HttpRequest request) {
        Map<String, Object> data = Data.mapOf(UrlEncodedContent.getContent(request).getData());
        data.put("client_id", clientId);
        data.put("password", password);
        data.put("username", username);
        if (resource != null) {
            data.put("resource", resource);
        }
        if (clientSecret != null) {
            data.put("client_secret", clientSecret);
        }
    }


}

Now an access token can be requested by providing the credential values in the following code:

// tokenUrl, clientId, passwd, username, resource, clientSecret and grantType, as well as the cached
// genericUrl, authentication and tokenRequest, are fields of the enclosing class.
private void fetchToken() throws IOException {
    TokenResponse tokenResponse;

    if (genericUrl == null) {
        genericUrl = new GenericUrl(tokenUrl);
    }
    if (authentication == null) {
        authentication = new ClientParametersAuthentication(clientId, passwd, username, resource, clientSecret);
    }
    if (tokenRequest == null) {
        tokenRequest = new ClientUsernamePasswordTokenRequest(new ApacheHttpTransport(), JacksonFactory.getDefaultInstance(), genericUrl, grantType);
        tokenRequest.setClientAuthentication(authentication);
    }
    tokenResponse = tokenRequest.execute();
    String accessToken = tokenResponse.getAccessToken();
}

Here tokenUrl is the authentication endpoint.

Upvotes: 1
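
Added example, not part of the original answer: the same form-encoded token request built with classes that ship with google-oauth-client (`PasswordTokenRequest`, `ClientCredentialsTokenRequest` and the library's own two-argument `ClientParametersAuthentication`), run against the library's `MockHttpTransport` so it works offline. The endpoint, resource, client id, client secret and user credentials are constructed placeholders; the `client_credentials` request is the variant whose body carries no user password.

```java
import com.google.api.client.auth.oauth2.ClientCredentialsTokenRequest;
import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
import com.google.api.client.auth.oauth2.PasswordTokenRequest;
import com.google.api.client.auth.oauth2.TokenRequest;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.testing.http.MockHttpTransport;
import com.google.api.client.testing.http.MockLowLevelHttpResponse;

public class BuiltInTokenRequests {
    // Constructed placeholders, not real endpoints or credentials.
    static final GenericUrl TOKEN_URL = new GenericUrl("https://login.example.test/oauth2/token");
    static final String RESOURCE = "https://directory.example.test";
    static final JsonFactory JSON = JacksonFactory.getDefaultInstance();

    // Offline transport: records the outgoing request and answers with a canned token response.
    static MockHttpTransport cannedTransport() {
        MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
                .setContentType("application/json")
                .setContent("{\"token_type\":\"Bearer\",\"access_token\":\"constructed-token\",\"expires_in\":3600}");
        return new MockHttpTransport.Builder().setLowLevelHttpResponse(response).build();
    }

    // Adds the extra "resource" parameter and the client credentials, executes the request,
    // and prints the form body that was sent to the token endpoint.
    static TokenResponse send(String label, MockHttpTransport transport, TokenRequest request) throws Exception {
        TokenResponse token = request
                .set("resource", RESOURCE)
                .setClientAuthentication(new ClientParametersAuthentication("example-client-id", "example-client-secret"))
                .execute();
        // Printed only because every value in the body is a constructed placeholder.
        System.out.println(label + " body: " + transport.getLowLevelHttpRequest().getContentAsString());
        System.out.println(label + " token type: " + token.getTokenType()
                + ", expires in " + token.getExpiresInSeconds() + "s");
        return token;
    }

    public static void main(String[] args) throws Exception {
        // grant_type=password: the user's username and password travel in the request body.
        MockHttpTransport t1 = cannedTransport();
        send("password", t1, new PasswordTokenRequest(t1, JSON, TOKEN_URL, "alice@example.test", "example-password"));
        // grant_type=client_credentials: only client_id and client_secret are sent.
        MockHttpTransport t2 = cannedTransport();
        send("client_credentials", t2, new ClientCredentialsTokenRequest(t2, JSON, TOKEN_URL));
    }
}
```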
