robert trudel

Reputation: 5779

Authentication to Azure doesn't return an access token for my API

I created a basic Spring Boot application with Spring Cloud Azure.

import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TestController {

    // Uses the "azure" authorization client (the default one Spring Cloud Azure registers)
    @GetMapping("admin")
    @ResponseBody
    public String getInfo(@RegisteredOAuth2AuthorizedClient("azure") OAuth2AuthorizedClient authorizedClient,
                          OAuth2AuthenticationToken token) {

        // Print the token type, the granted scopes and the raw access token for inspection
        System.out.println(authorizedClient.getAccessToken().getTokenType());
        System.out.println(authorizedClient.getAccessToken().getScopes().toString());
        System.out.println(authorizedClient.getAccessToken().getTokenValue());

        return "info";
    }

    // Uses the "graph" authorization client configured in application.properties
    @GetMapping("/graph")
    @ResponseBody
    public String graph(
        @RegisteredOAuth2AuthorizedClient("graph") OAuth2AuthorizedClient graphClient
    ) {
        // toJsonString() is just a demo.
        // oAuth2AuthorizedClient contains access_token. We can use this access_token to access the resource server.
        return toJsonString(graphClient);
    }

}

application.properties

spring.cloud.azure.active-directory.profile.tenant-id=04a485d4-754c-4912-b891-f9cd98c49123
spring.cloud.azure.active-directory.credential.client-id=9a452e9f-a9ba-412e-9efc-213c3bcaab0b
spring.cloud.azure.active-directory.credential.client-secret=M6a8Q~HAV_ajXKBQox~zsLs2jo-tuhLEJ4~4.aUq.aUq
spring.cloud.azure.active-directory.authorization-clients.graph.scopes=https://graph.microsoft.com/User.Read.All, openid

I registered a new application in Microsoft Azure. I created a permission for the application and another for Microsoft Graph.


Under Expose an API, the Application ID URI I see is https://giadevacme.onmicrosoft.com/9a452e9f-a9ba-412e-9efc-213c3bcaab0b

So when I go to localhost/admin

I get a login screen to enter my phone number or email.

It's the simplest application you can build to authenticate to Azure AD.

The token returned is not good for the API backend because

"aud": "00000003-0000-0000-c000-000000000000",

I was thinking that the 3 values (tenant, client ID, and client secret) in my properties file would allow me to log in the user and be able to call the API backend.

Is it possible to get an access token that is intended for my API backend, or do I need to make another call?

I tried to call my graph controller; the token had

"aud": "https://graph.microsoft.com",

but I was not able to call the backend with it.

Edit

When I had

spring.cloud.azure.active-directory.authorization-clients.graph.scopes=...

I was able to call the backend API with the access token from both endpoints.

Upvotes: 0

Views: 82
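The symptom in the question is entirely visible in the token's aud claim: a token whose audience is Microsoft Graph (the GUID 00000003-0000-0000-c000-000000000000 or https://graph.microsoft.com) is rejected by a resource server that expects its own identity as the audience. The helper below, an added diagnostic example that is not part of the question or of Spring Cloud Azure, decodes the payload of a compact JWT and classifies its audience. It assumes the expected audience for the API is either the Application ID URI shown in the question or the bare client ID (Entra ID uses one or the other depending on the app registration's token version), and it constructs its own unsigned sample tokens for illustration; it deliberately does not validate the signature, issuer or expiry, which the real resource server must do.

```python
import base64
import json

# Audiences the API backend should accept: the Application ID URI from the
# question and its client id (assumption: Entra ID emits one of the two
# depending on the registration's accessTokenAcceptedVersion).
EXPECTED_API_AUDIENCES = {
    "https://giadevacme.onmicrosoft.com/9a452e9f-a9ba-412e-9efc-213c3bcaab0b",
    "9a452e9f-a9ba-412e-9efc-213c3bcaab0b",
}

# Well-known audiences that identify a Microsoft Graph token.
GRAPH_AUDIENCES = {
    "00000003-0000-0000-c000-000000000000",
    "https://graph.microsoft.com",
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS WITHOUT verifying it.

    Diagnostic use only: a resource server must verify the signature against
    the tenant's signing keys, plus issuer and expiry, before trusting claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def classify_audience(token: str, expected: set = EXPECTED_API_AUDIENCES) -> str:
    """Classify a token as 'api' (usable by our backend), 'graph' or 'other'."""
    aud = decode_claims(token).get("aud")
    # "aud" may be a string or a list of strings; normalise to a set.
    auds = set(aud) if isinstance(aud, list) else {aud}
    if auds & expected:
        return "api"
    if auds & GRAPH_AUDIENCES:
        return "graph"
    return "other"


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned (alg=none) JWT for testing the checks above."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        "",  # empty signature segment
    ])


if __name__ == "__main__":
    # Constructed sample tokens mirroring the two audiences seen in the question
    # and the one the backend actually needs.
    samples = {
        "default azure client": {"aud": "00000003-0000-0000-c000-000000000000", "scp": "User.Read"},
        "graph client": {"aud": "https://graph.microsoft.com", "scp": "User.Read.All"},
        "api-scoped client": {"aud": "https://giadevacme.onmicrosoft.com/9a452e9f-a9ba-412e-9efc-213c3bcaab0b"},
    }
    for name, claims in samples.items():
        print(f"{name}: aud -> {classify_audience(make_unsigned_token(claims))}")
```

The audience of the token follows the scopes that the authorization client requests: asking for User.Read.All on Graph yields a Graph audience, so to obtain a token the backend will accept, the scopes of the relevant authorization client must name a scope exposed under the API's own Application ID URI (of the form https://giadevacme.onmicrosoft.com/9a452e9f-a9ba-412e-9efc-213c3bcaab0b/<scope-name>, where <scope-name> is a placeholder for whatever was defined under Expose an API). Run the classifier on a real token printed by the controller above to confirm which case you are in before touching the backend.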

Answers (0)
