How to integrate spring security with Azure OAuth2.0 endpoint ?

Raghavan 0 Reputation points
2024-07-06T03:12:26.2133333+00:00

We are trying to use spring-boot-oauth-resource-server approach to enable authentication and authorization against Azure OAuth. We have registered a client app and create the client secret, scope api endpoints etc. We are also able to generate a token using the OAuth token endpoint - https://login.microsoftonline.com/******/oauth2/v2.0/token

However, when we try to access the endpoint for token verification via the spring boot app, the token validation happens against https://sts.windows.net while the certificate for the endpoint (login.microsoftonline.com) has no SubjectAlternateList for the sts.* or *windows.net and hence fails

Appreciate any pointers or recommendations to resolve the same.

Note: The same spring boot app has been tested with keycloak server as AuthorizationServer and works fine. Problem is while integrate with Azure Authorization endpoint.

Azure App Configuration
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
237 questions
Azure Spring Apps
Azure Spring Apps
An Azure platform as a service for running Spring Boot applications at cloud scale. Previously known as Azure Spring Cloud.
126 questions
{count} votes

1 answer

Sort by: Most helpful
  1. JananiRamesh-MSFT 27,831 Reputation points
    2024-07-10T07:24:31.6666667+00:00

    @Raghavan Thanks for reaching out. It’s possible that your client application is getting a v1 token even when sending the request to the v2 endpoint. This could be due to the configuration of your application in Azure.

    The version of the access tokens is determined by the accessTokenAcceptedVersion in the manifest of your application/API. If accessTokenAcceptedVersion is set to null or 1, then all client applications requesting access tokens to call this resource will get a v1 access token.

    To get a v2.0 token, you need to change the accessTokenAcceptedVersion to 2 in your application’s manifest. After making this change, try generating the token again.

    https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest#accesstokenacceptedversion-attribute

    Hope this helps! Do let me know incase of further queries, I would be happy to assist you.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.