Reputation: 23
I am trying to use spring-security-oauth2-client and spring-security-oauth2-jose to authenticate against Azure AD and get JWT tokens.
The login part works but the token that I receive is not a JWT. Here's my configuration:
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
    import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
    import org.springframework.security.oauth2.core.oidc.user.OidcUser;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                .oauth2Login()
                    // "azure" is the client registration id from application properties
                    .loginPage("/oauth2/authorization/azure")
                    .userInfoEndpoint()
                        .oidcUserService(oidcUserService);
        }
    }
After authentication, I retrieve the token from the security context as follows:
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
    import org.springframework.security.oauth2.core.OAuth2AccessToken;

    // authorizedClientService is an injected OAuth2AuthorizedClientService
    OAuth2AuthenticationToken authentication = (OAuth2AuthenticationToken)
            SecurityContextHolder.getContext().getAuthentication();
    OAuth2AccessToken accessToken = authorizedClientService.loadAuthorizedClient(
            authentication.getAuthorizedClientRegistrationId(),
            authentication.getName()
    ).getAccessToken();
I get a Bearer token that looks like:
"AQABAAAAAADXzZ3ifr-GRbDT45zNSEFElTInSJQ19I2zONWkrBPgoKf8MCYL_z_IzU2lmF_ZadgBMdCr337faL0bpqHAzmFhsxq8peWUX7iYeTLbmcHDIdCR617VSKKHISLn_AiXhNr9rF6AMSrQTzdV2mKhEVlycTXlHUsZkA-gMA4z4FQFQMYkFNcLKqr7b-NewnV07lbG55joRIkcCMDrM1s4X8mRcJpRF6ek1yNSpveFmlbkrt3cXPUqtDe5EWI_5gfuGEVIon57LFLos_JtcQWSL6CTrUlY8EuF8MVuwJpTNG3OR80ikK7ycH_dXFCYmYDRrtTbFkf3R61aDSnqEUe2IIl2T8QdqWqH65ykSVooG6uIi5KsRK9zXPRuRuC_XC5w6SCcGionQYIgSEp-kCtIzlfHIBRK2o_CpjYVMBdmbfIkCvFoTGGGAvpOP1_MkgVeBiQzYFg8m_dn_roXFF17oBhCdYrZ2Y41_-GngLU3VJj4ltFIxzRziH6CZ2aFl1N3MwzIUcTiN6Ci0oyODTsSNDPc2zvxg609SjEqrO-6Xp0LMEwiOgY5L5rrcLA5d4LN-Xq9NiG0KqybZPU7wW0AHNA2Nw7bSg1Cle0ReaBU4ANbkjHxYeQJf65-ONNMGdfkV8xlKtRXZoiOBFip87Z72cS4NjLjM3x9_Qk9MQ5eGQTNj4fHCzJp9ukcjQ1MSUol_VIgAA "
This token is then rejected by the Microsoft Graph API. Any help or suggestion is greatly appreciated.
Upvotes: 2
Views: 5167
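As an added diagnostic (not part of the question and not Spring Security code), the following JDK-only check tells a compact JWS-shaped JWT apart from an opaque token string of the kind shown above. It decodes the header and claims for inspection only; nothing here verifies the signature, issuer, audience or expiry, so its output must not be treated as trust. Both sample tokens, the issuer URL and the `api://resource-placeholder` audience are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

// Added example: classify a token string by shape (JWT vs opaque).
// Decoding here is inspection only; signature, issuer and expiry are not validated.
public final class TokenShape {

    public enum Kind { JWT, OPAQUE }

    public static final class Result {
        public final Kind kind;
        public final String header;   // decoded JOSE header JSON, null for opaque tokens
        public final String claims;   // decoded claims JSON, null for opaque tokens

        Result(Kind kind, String header, String claims) {
            this.kind = kind;
            this.header = header;
            this.claims = claims;
        }
    }

    public static Result classify(String token) {
        // A compact JWS is exactly three base64url segments: header.payload.signature
        String[] parts = token.trim().split("\\.", -1);
        if (parts.length != 3) {
            return new Result(Kind.OPAQUE, null, null);
        }
        Optional<String> header = decodeSegment(parts[0]);
        Optional<String> claims = decodeSegment(parts[1]);
        if (!header.isPresent() || !claims.isPresent()) {
            return new Result(Kind.OPAQUE, null, null);
        }
        // The header must be a JSON object naming an algorithm; anything else is not a JWT
        if (!header.get().startsWith("{") || !header.get().contains("\"alg\"")) {
            return new Result(Kind.OPAQUE, null, null);
        }
        return new Result(Kind.JWT, header.get(), claims.get());
    }

    private static Optional<String> decodeSegment(String segment) {
        try {
            // Java's URL-safe decoder accepts unpadded input and rejects non-base64url characters
            byte[] raw = Base64.getUrlDecoder().decode(segment);
            return Optional.of(new String(raw, StandardCharsets.UTF_8));
        } catch (IllegalArgumentException notBase64Url) {
            return Optional.empty();
        }
    }

    static String base64Url(String json) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample JWT: RS256 header, placeholder claims, dummy signature segment
        String jwt = base64Url("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "."
                + base64Url("{\"iss\":\"https://issuer.example/v2.0\","
                        + "\"aud\":\"api://resource-placeholder\",\"scp\":\"User.Read\"}")
                + ".c2lnbmF0dXJlLXBsYWNlaG9sZGVy";
        // Constructed opaque sample with the shape of the token in the question (no dot separators)
        String opaque = "AQABAAAAAADXzZ3ifr-GRbDT45zNSEFE-placeholder-rest-of-token";

        for (String token : new String[] { jwt, opaque }) {
            Result r = classify(token);
            System.out.println(r.kind);
            if (r.kind == Kind.JWT) {
                System.out.println("  header: " + r.header);
                System.out.println("  claims: " + r.claims);
            }
        }
    }
}
```

Run against the value returned by `getAccessToken().getTokenValue()`, this separates "not a JWT at all" (the case in the question) from "a JWT whose `aud` is simply not the API being called", which is the next thing to check before sending a token anywhere.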
Reputation: 488
Based on @govind's answer, this is the way to get an OIDC token in modern functional Java:
    import java.util.Optional;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContext;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.oauth2.core.oidc.OidcIdToken;
    import org.springframework.security.oauth2.core.oidc.user.OidcUser;

    // Empty when there is no authentication or the principal is not an OIDC user
    public Optional<String> getCurrentToken() {
        return Optional.ofNullable(SecurityContextHolder.getContext())
                .map(SecurityContext::getAuthentication)
                .map(Authentication::getPrincipal)
                .filter(OidcUser.class::isInstance)
                .map(OidcUser.class::cast)
                .map(OidcUser::getIdToken)
                .map(OidcIdToken::getTokenValue);
    }
Upvotes: 0
Reputation: 31
You can also get the id token from the Authentication object. You need to cast the authentication.principal to OidcUser. The OidcUser gives you complete details of the user.
    // clientService is an injected OAuth2AuthorizedClientService; client carries the access token
    OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
    OAuth2AuthorizedClient client =
            clientService.loadAuthorizedClient(
                    oauthToken.getAuthorizedClientRegistrationId(),
                    oauthToken.getName());
    // The ID token lives on the principal, not on the authorized client
    String idToken = null;
    if (authentication.getPrincipal() instanceof OidcUser) {
        OidcUser principal = ((OidcUser) authentication.getPrincipal());
        idToken = principal.getIdToken().getTokenValue();
    }
Upvotes: 3
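The two answers above retrieve different tokens, and they are not interchangeable: an OIDC ID token's `aud` claim is the client's own application id, so it is an assertion about the user addressed to this app, while a resource API such as Microsoft Graph expects an access token issued for its own audience. The handler below is an added example (not from either answer, nor Spring Security's own code) that surfaces both tokens' metadata side by side so the difference is visible, without returning or logging the raw token values. The `/token-info` path and the `TokenInfoController` name are assumptions; every type and getter used is from spring-security-oauth2-client and spring-security-oauth2-core.

```java
import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example: report ID-token and access-token metadata for the logged-in user.
// Raw token values are deliberately never placed in the response or in logs.
@RestController
public class TokenInfoController {

    private final OAuth2AuthorizedClientService clientService;

    public TokenInfoController(OAuth2AuthorizedClientService clientService) {
        this.clientService = clientService;
    }

    @GetMapping("/token-info")   // assumed path for this example
    public Map<String, Object> tokenInfo(Authentication authentication) {
        Map<String, Object> info = new LinkedHashMap<>();
        if (!(authentication instanceof OAuth2AuthenticationToken)) {
            info.put("error", "current authentication is not an OAuth2 login");
            return info;
        }
        OAuth2AuthenticationToken oauth = (OAuth2AuthenticationToken) authentication;

        // ID token: lives on the principal; its audience is this client's application id
        if (oauth.getPrincipal() instanceof OidcUser) {
            OidcIdToken idToken = ((OidcUser) oauth.getPrincipal()).getIdToken();
            info.put("idToken.issuer", String.valueOf(idToken.getIssuer()));
            info.put("idToken.subject", idToken.getSubject());
            info.put("idToken.audience", idToken.getAudience());
            info.put("idToken.expiresAt", idToken.getExpiresAt());
        }

        // Access token: lives on the authorized client; this is what a resource API consumes
        OAuth2AuthorizedClient client = clientService.loadAuthorizedClient(
                oauth.getAuthorizedClientRegistrationId(), oauth.getName());
        if (client != null && client.getAccessToken() != null) {
            OAuth2AccessToken accessToken = client.getAccessToken();
            Instant expiresAt = accessToken.getExpiresAt();
            String value = accessToken.getTokenValue();
            info.put("accessToken.type", accessToken.getTokenType().getValue());
            info.put("accessToken.scopes", accessToken.getScopes());
            info.put("accessToken.expiresAt", expiresAt);
            info.put("accessToken.expired", expiresAt != null && expiresAt.isBefore(Instant.now()));
            // Compact JWS has exactly two dot separators; an opaque token usually has none
            info.put("accessToken.looksLikeJwt", value.chars().filter(c -> c == '.').count() == 2);
        } else {
            info.put("accessToken", "no authorized client stored for this registration");
        }
        return info;
    }
}
```

With the configuration from the question in place, visiting the endpoint after login shows whether an access token was stored at all, whether it has the shape of a JWT, and which audience the ID token names; that is usually enough to decide whether the wrong token is being sent to Graph or whether the requested scopes never produced a Graph-bound access token.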
Reputation: 26
I was able to find a solution. What you had was the authorization code returned. To get the access token, use the following:
    import org.springframework.security.core.annotation.AuthenticationPrincipal;
    import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
    import org.springframework.security.oauth2.core.oidc.OidcIdToken;

    // Controller handler method: the expression resolves OidcUser.getIdToken() on the principal
    public void getToken(OAuth2AuthenticationToken oAuth2AuthenticationToken, @AuthenticationPrincipal(expression = "idToken") OidcIdToken idToken) {
        System.out.println(idToken); // an OidcIdToken; getTokenValue() gives the raw JWT string
    }
Upvotes: 1