OneDrive authentication using ADAL4J
The Active Directory Authentication Library for Java (ADAL4J) allows authentication via access token to the Microsoft Graph API, using the following (simplified) code:
public String authenticate(String authorizationUrl, String clientId, String clientSecret) throws Exception {
ExecutorService service = Executors.newFixedThreadPool(1);
AuthenticationContext context = new AuthenticationContext(authorizationUrl, false, service);
ClientCredential credential = new ClientCredential(clientId, clientSecret);
Future<AuthenticationResult> future = context.acquireToken(“https://graph.microsoft.com”, credential, null);
return future.get().getAccessToken();
}
The above works for certain parts of Graph (e.g., for accessing Office 365 accounts), but does not work for OneDrive, where it returns an access token that does not have proper authorization.
Acquiring an access token via POSTMAN works as expected, with the following parameters:
authorizationUrl: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
accessTokenUrl: https://login.microsoftonline.com/common/oauth2/v2.0/token
clientId: <the clientId for the application>
clientSecret: <the clientSecret for the application>
scope: https://graph.microsoft.com/.default
state: <empty>
More specifically, running the above in POSTMAN returns an access token with additional scopes, including https://graph.microsoft.com/Files.ReadWrite.All. Using that access token in the Java application that calls the authenticate() method above, does work, e.g. it lists the contents of the root directory using /me/drive/root/children as the REST path.
If, however, the access token returned by the authenticate() method is used, an error is returned by OneDrive. Removing the user name (me) from the path returns only 1 file name, if the specific tenant ID is used instead of common in the authorizationUrl.
There seems to be no way to add a scope value in ADAL4J and numerous other variations either result in an error, or in getting back 1 file (probably from a different context).
Is there any way to get a fully authorized access token via ADAL4J, for OneDrive?
There are two different permissions: one is application permission, the other is delegated permission.
"Delegated" permissions, which specify scope-based access using delegated authorization from the signed-in resource owner, are presented to the resource at run-time as "scp" claims in the client's access token.
"Application" permissions, which specify role-based access using the client application's credentials/identity, are presented to the resource at run-time as "roles" claims in the client's access token.
When you get token from POSTMAN for the first time, you will be asked to provide your credentials. In this way, you will get a token with delegated permission, which represents the account. So that, you can call the Graph API under /me.
However, the java code you used to get token can only get an access token with application permission. The application does not have a user identity, as a result, you will get an error while call the Graph API under /me. With application permission, you can only call the Graph API as /users/{user-id}
Solution:
You can get an access token with delegated permission in Java as following:
A) Create an app with public client platform
B) Add necessary Graph API permission, and grant admin consent for your tenant
C) Get token
ExecutorService service = Executors.newFixedThreadPool(1);
AuthenticationContext context = null;
try {
context = new AuthenticationContext("https://login.microsoftonline.com/" + "TENANT_ID", false, service);
Future<AuthenticationResult> future = context.acquireToken("https://graph.microsoft.com", "client_id", "username", "password",null);
System.out.println( future.get().getAccessToken());
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
e.printStackTrace();
} catch (MalformedURLException e) {
e.printStackTrace();
}finally {
service.shutdown();
}
- Start and end date of a current month
- How to mock just one static method in a class using Mockito?
- ant file build failed due to below errors
- How to make smooth circle texture?
- How can I do a post-order traversal of a tree, when the only function I have is getChildren()?
- What is the variance of java .class files across different compilers, versions, dependencies?
- IntelliJ web service and Java client IllegalArgumentException TestWebService is not an interface
- The Java Compiler API does not work I keep getting unable to resolve class javax.tools.JavaCompilerTool and other similar ones
- Compiling multiple packages using the command line in Java
- Java Calendar - Date is unpredictable after setting day_of_week
- "The left hand side of an assignment must be a variable" due to extra parentheses
- Odd compiler error on if-clause without braces
- Problem in upcasting in Java?
- How to set a SpannableString to an EditText in an Android Material TextInputLayout?
- Android @Override issues
- How to ‘partly compile’ Java in Eclipse?
- Dates with no time or timezone component in Java/MySQL
- Compilation error while compiling class within another
- How to debug .class files in ECLIPSE?
- Java generics: What is the compiler's issue here? ("no unique maximal instance")
- How can I convert a List<int[]> to a 2D array?
- Spring Cloud Gateway doesn't work with DiscoveryClientRouteDefinitionLocator
- Dynamic spring data jpa repository query with arbitrary AND clauses
- How to compile Java program with .jar library
- SunCertPathBuilderException when upgrading to Spring Boot 3.2
- Write to single cell in OPENcsv Java
- Try catch and user input
- Access jdk.unsupported from JUnit doesn't need module require
- Create and install de-lomboked source jar in maven
- Why Does My Java Code to find multiple occurrences in of a Sting in another String not work?