Issue
I'm trying to implement a spring-boot based REST service that should use Azure AD as an OAuth2 server for client authentication.
I registered two applications:
All requests to the backend app should be authenticated through Azure AD using the OAuth2 flow.
As an implementation of the mobile app I'm using curl:
For obtaining a Bearer token I use https://login.microsoftonline.com/TENANT_ID/oauth2/token
    curl -s -X POST "https://login.microsoftonline.com/<TENANT_ID>/oauth2/token" \
         -d grant_type=password \
         -d "username=$USER_NAME" \
         -d "password=$PASSWORD" \
         -d "resource=$RESOURCE_ID" \
         -d "client_id=$CLIENT_ID"

where $USER_NAME and $PASSWORD are credentials of an Azure AD user, $RESOURCE_ID is a SID of my REST service and $CLIENT_ID is a SID of my mobile client for the REST service.
Azure successfully returns JSON with token data.
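My OAuth2 config for the backend app:

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
    import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

    @Configuration
    @EnableResourceServer
    public class OAuth2Config extends ResourceServerConfigurerAdapter {

        // Declarations were not shown in the original post; values must be supplied.
        private String resourceId;
        private String resourcePassword;
        private String checkToken;

        // Validates each bearer token by calling a remote check-token endpoint.
        @Bean
        ResourceServerTokenServices resourceTokenServices() {
            RemoteTokenServices tokenServices = new RemoteTokenServices();
            tokenServices.setClientId(resourceId);
            tokenServices.setClientSecret(/*I do not have it*/resourcePassword);
            tokenServices.setCheckTokenEndpointUrl(/*I do not have it*/checkToken);
            return tokenServices;
        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.tokenServices(resourceTokenServices());
            resources.resourceId("rest_api");
        }

        // Every path requires an authenticated request.
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/**").authenticated();
        }
    }
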
My REST controller:

    import java.security.Principal;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    @RequestMapping("/data")
    public class CustomerRestController {

        // The Principal is populated from the validated bearer token.
        @RequestMapping(method = RequestMethod.GET)
        public SomeData getMyData(Principal principal) {
            System.out.println("RESOURCE WAS REQUESTED BY " + principal.getName());
            return new SomeData(principal.getName());
        }
    }

But I didn't find in the endpoint list any URL that can be used by my REST service for checking a bearer token and obtaining user data from Azure AD. Also, as I understand, there should be some kind of credentials for my REST service to use Azure AD.
How can I find the required values, or am I going the wrong way?
Solution
Azure AD uses JWT tokens for authorization, so I have to implement handling of this type of token instead of checking the token on the server.
Answered By - Serg
Answer Checked By - Senaida (JavaFixing Volunteer)
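
The approach the answer describes, checking the JWT locally instead of calling a check-token endpoint, as an added example that is not code from the original post or its answer. It assumes the Nimbus JOSE+JWT library is on the classpath; the class name, key pair, issuer, audience and subject are constructed here, whereas a real service would verify against the signing key published by the identity provider.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;

public class LocalJwtCheck {
    // Constructed placeholders; real values come from the API's app registration.
    static final String AUDIENCE = "api://constructed-rest-api";
    static final String ISSUER = "https://issuer.example.invalid/constructed-tenant/";

    // Returns the subject if the token is valid for this API, otherwise throws.
    static String validate(String token, RSAPublicKey key) throws Exception {
        SignedJWT jwt = SignedJWT.parse(token);
        // Pin the algorithm instead of trusting whatever the header asks for.
        if (!JWSAlgorithm.RS256.equals(jwt.getHeader().getAlgorithm())) throw new SecurityException("unexpected alg");
        if (!jwt.verify(new RSASSAVerifier(key))) throw new SecurityException("bad signature");
        JWTClaimsSet c = jwt.getJWTClaimsSet();
        Date exp = c.getExpirationTime();
        if (exp == null || !new Date().before(exp)) throw new SecurityException("expired");
        if (!ISSUER.equals(c.getIssuer())) throw new SecurityException("wrong issuer");
        // A token minted for a different resource must not be accepted here.
        if (!c.getAudience().contains(AUDIENCE)) throw new SecurityException("wrong audience");
        return c.getSubject();
    }

    // Mints a constructed test token; stands in for the identity provider.
    static String mint(PrivateKey key, String aud, long ttlMs) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder().subject("constructed-user")
            .issuer(ISSUER).audience(aud)
            .expirationTime(new Date(System.currentTimeMillis() + ttlMs)).build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        System.out.println("accepted: " + validate(mint(kp.getPrivate(), AUDIENCE, 60_000), pub));
        String[] bad = { mint(kp.getPrivate(), "api://other", 60_000), mint(kp.getPrivate(), AUDIENCE, -60_000) };
        for (String t : bad)
            try { validate(t, pub); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The audience check is what stops a token issued for another registered application from being replayed against this API, even though its signature is valid.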