How to integrate Spring Security with the Azure OAuth 2.0 endpoint?

Raghavan 0 Reputation points
2024-07-06T03:12:26.2133333+00:00

We are trying to use the spring-boot-oauth-resource-server approach to enable authentication and authorization against Azure OAuth. We have registered a client app and created the client secret, scope, API endpoints, etc. We are also able to generate a token using the OAuth token endpoint - https://login.microsoftonline.com/******/oauth2/v2.0/token

However, when we try to access the endpoint for token verification via the Spring Boot app, the token validation happens against https://sts.windows.net, while the certificate for the endpoint (login.microsoftonline.com) has no SubjectAlternateList entry for sts.* or *windows.net, and hence it fails.

Appreciate any pointers or recommendations to resolve the same.

Note: The same Spring Boot app has been tested with a Keycloak server as the AuthorizationServer and works fine. The problem occurs only while integrating with the Azure authorization endpoint.


1 answer

  1. JananiRamesh-MSFT 23,881 Reputation points
    2024-07-10T07:24:31.6666667+00:00

    @Raghavan Thanks for reaching out. It’s possible that your client application is getting a v1 token even when sending the request to the v2 endpoint. This could be due to the configuration of your application in Azure.

    The version of the access tokens is determined by the accessTokenAcceptedVersion in the manifest of your application/API. If accessTokenAcceptedVersion is set to null or 1, then all client applications requesting access tokens to call this resource will get a v1 access token.

    To get a v2.0 token, you need to change the accessTokenAcceptedVersion to 2 in your application’s manifest. After making this change, try generating the token again.

    https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest#accesstokenacceptedversion-attribute

    Hope this helps! Do let me know in case of further queries, I would be happy to assist you.

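As an added diagnostic (not part of the question or the answer above), the script below decodes a token's payload without verifying the signature and reports whether its `iss`/`ver` claims are v1 (`sts.windows.net`) or v2 (`login.microsoftonline.com/{tenant}/v2.0`), which is what Spring's `spring.security.oauth2.resourceserver.jwt.issuer-uri` must match. The tenant id and both token bodies are constructed placeholders, and the signature segment is a dummy string; this is inspection only, not validation.

```python
import base64
import json

# Constructed placeholder tenant id (not a real tenant).
TENANT_ID = "00000000-0000-0000-0000-000000000000"


def _b64url(obj):
    """Encode a dict as base64url JSON without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample tokens: same header, v1 vs v2 claims, dummy signature.
HEADER = _b64url({"alg": "RS256", "typ": "JWT", "kid": "example-kid"})
V1_TOKEN = ".".join([HEADER, _b64url({
    "iss": f"https://sts.windows.net/{TENANT_ID}/", "ver": "1.0", "aud": "api://example-app"}), "sig"])
V2_TOKEN = ".".join([HEADER, _b64url({
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0", "ver": "2.0", "aud": "example-app-id"}), "sig"])


def decode_claims(token):
    """Return the payload claims. Signature is NOT checked: use only to inspect iss/ver."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_version(token):
    """Classify an Entra ID access token as 'v1', 'v2' or 'unknown' from iss and ver."""
    claims = decode_claims(token)
    iss, ver = claims.get("iss", ""), claims.get("ver")
    if ver == "2.0" and iss.startswith("https://login.microsoftonline.com/") and iss.endswith("/v2.0"):
        return "v2"
    if ver == "1.0" or iss.startswith("https://sts.windows.net/"):
        return "v1"
    return "unknown"


def expected_issuer_uri(tenant_id):
    """The value Spring's issuer-uri property should hold for a v2 resource server."""
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"


def issuer_matches(token, tenant_id):
    """True when the token's iss equals the configured v2 issuer-uri (Spring's check)."""
    return decode_claims(token).get("iss") == expected_issuer_uri(tenant_id)


if __name__ == "__main__":
    for name, tok in (("v1 sample", V1_TOKEN), ("v2 sample", V2_TOKEN)):
        print(name, token_version(tok), "issuer matches:", issuer_matches(tok, TENANT_ID))
```

A token reported as `v1` here will never match the v2 issuer-uri, which is exactly the symptom in the question; the fix is the `accessTokenAcceptedVersion` change described in the answer, not a certificate change.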