Reputation: 2426
I have a Java (Spring Boot) App (Not a web app, only backend App), from which I am trying to call the Microsoft Graph APIs to send a Mail through my application.
The code runs a Cron Scheduler to send the mail at a fixed time daily. My App does not have a UI where I can ask a user to manually log in.
The Java Code uses a service account to authenticate. The service account is a work account and not a personal account.
I am using the MSAL4J library and I have set up the relevant steps in Azure Active Directory as mentioned there.
I only have delegated access and no Application access. And, I am using the Username-Password Flow to authenticate using the Service Account.
This is the sample Code that I am using.
I am able to run the code locally from my laptop, which is in the organization "corp" network (VPN).
Now when I deploy the application to an AWS Kubernetes cluster (outside my organization "corp" network), I get this error from within the MSAL4J library:
org.xml.sax.SAXParseException: The element type "br" must be terminated by the matching end-tag "</br>".
at java.xml/com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:261) ~[na:na]
at java.xml/com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339) ~[na:na]
at java.xml/javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:122) ~[na:na]
at com.microsoft.aad.msal4j.MexParser.getPolicy(MexParser.java:76) ~[msal4j-1.4.0.jar!/:1.4.0]
at com.microsoft.aad.msal4j.MexParser.getWsTrustEndpointFromMexResponse(MexParser.java:112) ~[msal4j-1.4.0.jar!/:1.4.0]
at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:62) ~[msal4j-1.4.0.jar!/:1.4.0]
at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.processPasswordGrant(AcquireTokenByAuthorizationGrantSupplier.java:76) ~[msal4j-1.4.0.jar!/:1.4.0]
at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:33) ~[msal4j-1.4.0.jar!/:1.4.0]
at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59) ~[msal4j-1.4.0.jar!/:1.4.0]
at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17) ~[msal4j-1.4.0.jar!/:1.4.0]
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700) ~[na:na]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
The error comes from the following line of Code:
result = pca.acquireToken(parameters).join();
The MSAL4J library does not have any debug logs and there is no way to identify what is causing this error.
Could someone please help in identifying what the issue could be?
Upvotes: 0
Views: 1875
Reputation: 836
The data returned by the endpoint is not valid XML. This might be happening because you can't reach the endpoint from outside of the corp network.
You should consider using client credentials flow, not username password. This article explains why you shouldn't use username password.
Switching to client credentials might fix your problem, as you won't have to call the WS-Trust endpoint that username password calls.
Upvotes: 0
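The parser error in the question can be reproduced offline. The following is an added example, not code from either post or from MSAL4J: it feeds a response body to the same JDK XML parser and reports whether it is XML at all. The class name `MexResponseCheck`, the `classify` helper and both sample bodies are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class MexResponseCheck {

    // Constructed sample: an HTML error page such as a proxy or gateway might return.
    static final String HTML_BODY =
        "<html><body>Access denied<br>Contact your administrator</body></html>";

    // Constructed sample: skeleton of a WS-MetadataExchange (MEX) document.
    static final String MEX_BODY =
        "<wsdl:definitions xmlns:wsdl=\"http://schemas.xmlsoap.org/wsdl/\">"
        + "<wsdl:service name=\"SecurityTokenService\"/></wsdl:definitions>";

    // Hypothetical helper: classify a body the way a strict XML parser sees it.
    static String classify(String body) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Untrusted network input: refuse DOCTYPE so no external entities are resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        try {
            Document d = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(body.getBytes(StandardCharsets.UTF_8)));
            String root = d.getDocumentElement().getLocalName();
            return "definitions".equals(root)
                ? "well-formed XML with WSDL root: plausible MEX document"
                : "well-formed XML but root is <" + root + ">: not a MEX document";
        } catch (SAXParseException e) {
            // An unclosed <br> in HTML produces the same message as in the stack trace.
            String head = body.substring(0, Math.min(body.length(), 60));
            return "not XML (" + e.getMessage() + "); body starts with: " + head;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(classify(HTML_BODY));
        System.out.println(classify(MEX_BODY));
    }
}
```

Running the same check on the body actually returned to the pod (captured with any HTTP client from inside the cluster) shows whether the federation endpoint is answering with HTML instead of a MEX document.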
Reputation: 7483
I tried the sample code that you used, but I don't get this error. The token and username are printed on the console.
The error is usually caused by the encoding. Debug your code and check the encoding of XML.
Upvotes: 1