Azure AD auth with WebApplication accessing Resource Server which access another Resource Server

Question

I'm a bit confused about how to build the flow where:

1. I have web application written in Angular which makes http requests to Resource Server (Spring Boot) A.
2. Resource Server A makes http request to Resource Server B (Spring Boot).

So basically there is no direct connection between web application and resource server B. I guess I should configure Resource Server A as a client and as resource server.

I was trying to follow the scenario "Resource server visiting other resource servers" from https://learn.microsoft.com/en-us/java/api/overview/azure/spring-boot-starter-active-directory-readme?view=azure-java-stable but its kinda confusing for me. For example how should I build the request to Resource Server B with token? What exactly is method "CallGraph" doing?

Thanks in advance.

Answer 1

how should I build the request to Resource Server B with token?

use resource-server B's access token to request from resource-server A.

Add the dependencies as mentioned in the document which you have mentioned above in your pom.xml.

Add the properties from the above mentioned link in the application.yml file.

What exactly is method "CallGraph" doing?

By using @RegisteredOAuth2AuthorizedClient("graph") annotation, here callGraph method returning the string "graph" of type "OAuth2AuthorizedClient".

For more info refer this link.