Using Azure Active Directory as OAUTH2 Authentication Service for Spring-boot REST Service

I am trying to implement a spring-boot based REST service which should use Azure AD as an OAuth2 server for client authentication.

I registered two applications:

  • Mobile native application that is used as a client for my service
  • REST service as a backend.

All requests to the server application must be authenticated through Azure AD using the OAuth2 flow.

In place of the mobile application implementation, I use curl:

To get a Bearer token, I use https://login.microsoftonline.com/TENANT_ID/oauth2/token

curl -s -X POST https://login.microsoftonline.com/<TENANT_ID>/oauth2/token -d grant_type=password -d username=$USER_NAME -d password=$PASSWORD -d resource=$RESOURCE_ID -d client_id=$CLIENT_ID

where $USER_NAME and $PASSWORD are the credentials of the Azure AD user, $RESOURCE_ID is the ID of my REST service, and $CLIENT_ID is the ID of my mobile client for the REST service.

Azure successfully returns JSON with token data.

My OAuth2 config for the backend application:

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
    import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

    @Configuration
    @EnableResourceServer
    public class OAuth2Config extends ResourceServerConfigurerAdapter {

        // Values this service would need for a remote token check (see the question text)
        private String resourceId;
        private String resourcePassword;
        private String checkToken;

        @Bean
        ResourceServerTokenServices resourceTokenServices() {
            // RemoteTokenServices calls an introspection ("check token") endpoint for every request
            RemoteTokenServices tokenServices = new RemoteTokenServices();
            tokenServices.setClientId(resourceId);
            tokenServices.setClientSecret(/*I do not have it*/resourcePassword);
            tokenServices.setCheckTokenEndpointUrl(/*I do not have it*/checkToken);
            return tokenServices;
        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.tokenServices(resourceTokenServices());
            resources.resourceId("rest_api");
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // Every path requires an authenticated caller
            http.authorizeRequests().antMatchers("/**").authenticated();
        }
    }

My REST controller:

    import java.security.Principal;

    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    @RequestMapping("/data")
    public class CustomerRestController {

        @RequestMapping(method = RequestMethod.GET)
        public SomeData getMyData(Principal principal) {
            // Principal is filled in by the resource-server filter from the validated token
            System.out.println("RESOURCE WAS REQUESTED BY " + principal.getName());
            return new SomeData(principal.getName());
        }
    }

But I did not find in the list of endpoints any URL that my REST service can use to validate the bearer token and receive user data from Azure AD. Also, as I understand it, my REST service needs to provide some credentials to use Azure AD.

How can I find the required values, or am I mistaken?

+5
1 answer

Finally, I have an answer.

Azure AD uses JWT tokens for authorization, so I need to implement handling of this type of token instead of checking the token on the server.

+4
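One way to act on this answer with Spring Security 5's resource-server support (added example, not the asker's code or an Azure-supplied sample): the service downloads the tenant's signing keys from the JWKS endpoint and validates each bearer JWT locally (signature, expiry, issuer and audience), so no check-token endpoint or client secret is needed. It assumes the spring-boot-starter-oauth2-resource-server dependency; TENANT_ID and RESOURCE_ID are placeholders, and the issuer and JWKS URLs are the v1-endpoint values that match the /oauth2/token endpoint used in the question.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@Configuration
@EnableWebSecurity
public class JwtResourceServerConfig extends WebSecurityConfigurerAdapter {

    // Placeholders: your tenant and the application ID of the REST service (the token's "resource")
    private static final String TENANT_ID = "<TENANT_ID>";
    private static final String RESOURCE_ID = "<RESOURCE_ID>";
    // v1-endpoint values, matching the /oauth2/token endpoint used to obtain the token
    private static final String ISSUER = "https://sts.windows.net/" + TENANT_ID + "/";
    private static final String JWKS_URI =
        "https://login.microsoftonline.com/" + TENANT_ID + "/discovery/keys";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests(a -> a.anyRequest().authenticated())
            // Every request must carry a bearer JWT that passes jwtDecoder(); nothing is sent to Azure per request
            .oauth2ResourceServer(o -> o.jwt(j -> j.decoder(jwtDecoder())));
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Signing keys are fetched from the tenant's JWKS endpoint and cached; key rotation is handled by kid lookup
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWKS_URI).build();
        // Default timestamp checks (exp/nbf) plus: the issuer must be this tenant
        OAuth2TokenValidator<Jwt> issuer = JwtValidators.createDefaultWithIssuer(ISSUER);
        // The audience must name this service; otherwise a valid token minted for another API would be accepted here
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(
            "aud", aud -> aud != null && aud.contains(RESOURCE_ID));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(issuer, audience));
        return decoder;
    }
}
```

With this configuration the Principal injected into the controller is a JwtAuthenticationToken, so principal.getName() returns the token's sub claim unless a custom converter is configured.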