YogendraKapoor-3057 asked JamesTran-MSFT edited

Authorization Failed to authenticate since the JWT was invalid

Hi,
I am working on a PoC where users are supposed to give me their username and password to authenticate from one of my microservices. My backend creates users in Azure AD through the Graph APIs.
Now what I am trying to do is this: I use the MSAL4J library to authenticate my users with username and password, and I provide them their idToken and accessToken.


There is another microservice, which generates some report. I am trying to secure it with an OAuth2 access token. My Spring Boot application says
Failed to authenticate since the JWT was invalid
Did not store empty SecurityContext
Cleared SecurityContextHolder to complete request

This is the application.yml code
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: ${JWT_ISSUER_URI:https://sts.windows.net/<tenantId>/}


and the Spring Security dependencies that I have in my application are
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-jose</artifactId>
</dependency>



I also tried to acquire this access token with a Postman API call to https://login.microsoftonline.com/organizations/oauth2/v2.0/token, which gives me an idToken, accessToken and refreshToken.

The URL-encoded parameters that I pass in this request are

client_id:
scope:user.read openid profile offline_access
client_secret:
username:
password:
grant_type:password


Please help me to resolve this scenario.


My Security Configuration in Spring Boot application
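import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and() // (1) enable CORS handling
                .authorizeRequests().anyRequest().authenticated() // (2) every request must be authenticated
                .and().oauth2ResourceServer().jwt(); // (3) accept bearer tokens and validate them as JWTs
    }

}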

azure-ad-app-registration
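A troubleshooting check for the configuration in the question, added here as an example and not part of the original post: it decodes a token without verifying it and compares its `iss` and `aud` claims with the configured `issuer-uri` and the audience the service expects. It assumes the Nimbus JOSE+JWT library that `spring-security-oauth2-jose` brings in; the class name, the audience values and the sample token are constructed for illustration.

```java
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

// Hypothetical diagnostic helper (not part of the application): it decodes a JWT
// WITHOUT verifying the signature, so use it for troubleshooting only.
public class TokenClaimCheck {

    // Lists the differences between the token's claims and what the service expects.
    static List<String> inspect(String token, String issuerUri, String expectedAudience)
            throws ParseException {
        SignedJWT jwt = SignedJWT.parse(token); // parsing only, no signature check
        JWTClaimsSet claims = jwt.getJWTClaimsSet();
        List<String> findings = new ArrayList<>();
        // The resource server compares iss with issuer-uri as an exact string,
        // so a different host, a /v2.0 suffix or a missing trailing slash all fail.
        if (!issuerUri.equals(claims.getIssuer())) {
            findings.add("iss is '" + claims.getIssuer() + "' but issuer-uri is '" + issuerUri + "'");
        }
        // aud names the API the token was issued for; it should be this service.
        if (!claims.getAudience().contains(expectedAudience)) {
            findings.add("aud is " + claims.getAudience() + " but expected '" + expectedAudience + "'");
        }
        return findings;
    }

    public static void main(String[] args) throws ParseException {
        // Constructed sample token: placeholder tenant id, made-up audience, fake signature.
        String tenant = "00000000-0000-0000-0000-000000000000";
        String header = "{\"alg\":\"RS256\",\"kid\":\"constructed-key\"}";
        String payload = "{\"iss\":\"https://login.microsoftonline.com/" + tenant + "/v2.0\","
                + "\"aud\":\"api://constructed-other-api\"}";
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String token = b64.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + b64.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + "."
                + b64.encodeToString("not-a-real-signature".getBytes(StandardCharsets.UTF_8));

        String issuerUri = "https://sts.windows.net/" + tenant + "/"; // same form as application.yml
        inspect(token, issuerUri, "api://constructed-report-service").forEach(System.out::println);
    }
}
```

An empty result means `iss` and `aud` match the expectations; the signature and expiry checks that the resource server also performs are outside what this helper covers.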

@YogendraKapoor-3057
Thank you for your post and I apologize for the delayed response!

  • To better troubleshoot your issue can you share the documentation that you are/have followed?

  • Has the ROPC flow or any other flow ever worked within your application?


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


0 Answers