How to generate an accessToken to use with Microsoft informationprotection Java SDK
I'm using Microsoft Information Protection SDK Wrapper for Java. I've the flow working with Username Password flow to get tokens for a user and it works well with the implementation of AuthDelegateImpl (implements IAuthDelegate).
However, I want to generate the token in advance (using SSO/Oauth/etc and not by Username/password flow) to be used by the com.microsoft.informationprotection.file.FileEngineSettings object to information protection operations.
Using the token generated for Graph API requests doesn't seem to work as the SDK rejects it. I'd like to figure out the correct way to generate the token since graph api token (which I have already available) gets rejected.
Note that: To generate access token to access Microsoft information protection, you need to grant Azure Rights Management Service API permissions to the Microsoft Entra ID application.
- The Graph Api token will not allow you to access Azure Rights Management Service API as it is meant for Microsoft Graph API.
- By using Microsoft Graph API access token, you can only call Microsoft Graph API.
- You can acquire tokens with authorization codes or interactively.
Hence, grant the API permissions based on your requirement like below:
Now generate the access token by passing scope as https://aadrm.com/.default in your code.
For sample, I generated access token via Postman using below parameters:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
scope:https://aadrm.com/.default
grant_type:authorization_code
code:code
redirect_uri:https://jwt.io
client_secret:ClientSecret
By using the above access token, you can call Microsoft information protection API.
You can make use of below code to generate the token:
PublicClientApplication pca = new PublicClientApplication.Builder(APP_ID)
.authority(AUTHORITY)
.build();
IAuthenticationResult result = pca.acquireToken(AuthorizationCodeParameters
.builder(authCode, new URI(REPLY_URL))
.scopes(scope)
.build())
.get();
References:
Acquire tokens interactively in MSAL Java - Microsoft Authentication Library for Java | Microsoft
Required API permissions - Microsoft Information Protection SDK | Microsoft
- How to find the delay when I reset a password using Microsoft's Graph API?
- Outlook calendar don't render with FullCalendar
- Azure Remove User Consent to API
- Production slot not using Production as ASPNETCORE_ENVIRONMENT variable
- Microsoft Identity Web: Change Redirect Uri
- Authenticating to Azure application with JMeter
- How do I solve audience (aud) invalid claim error for downstream api service?
- invalid_request: The provided value for the input parameter 'redirect_uri' is not valid
- I am getting an error that OAuth2 Code has already been redeemed
- Generating token for Fabric Rest api using client secret
- Authenticate to SQL Server with Azure app service managed identity through group
- Why is my Azure AD token request returning HTTP 400 consent error for API permissions that have been granted?
- How to set Azure MSAL SSO for my Nextjs14 app using Approuter and next-auth
- Unable to Connect to Azure PostgreSQL Database via Point-to-Site VPN with Azure Active Directory on macOS
- How do I retrieve the service principal password after creation using the azure cli?
- Cannot create Azure B2C Tenant
- Accessing Graph API from multi tenant App Function via identity
- My Azure AD B2C User Flow is not returning a token on jwt.ms
- AADSTS65001: The user or administrator has not consented to use the application with ID <app-id>
- AccountEnabled user property from Azure AD returning null
- Azure B2C user flow without an email
- How to use Azure Data Factory to take Business Central data and put into Azure SQL DB?
- Triggering a PowerAutomate desktop flow, using apis, fails due to access issues
- Azure - should the creator of a resource have owner rights?
- Scope is not being added to Access Token returned from Azure Ad
- The required field 'nonce' is missing from the credential. Ensure that you have all the necessary parameters for the login request. [Azure Open ID]
- Exchanging azure AD token with Identity server token
- Website authenticating users against AAD: can the OpenId document be provided offline to the consuming website?
- how to limit code verification email Spaming in Azure B2C
- Custom Claims in a Multitenant Microsoft Entra App