Login.live Opaque Access Token

Matthias Kopeinigg 0 Reputation points
2024-11-29T19:05:54.3066667+00:00

I am currently trying to create a website where I'm able to log in with Microsoft (Microsoft Entra ID) and also get data from Minecraft if the user has Minecraft connected to his account.

Therefore I used the authorization_code flow for login.live.com using the spec https://login.live.com/.well-known/openid-configuration:

GET https://login.live.com/oauth20_authorize.srf?
client_id=xxx&
scope=XboxLive.signin+XboxLive.offline_access+openid+profile+offline_access&
redirect_uri=http://localhost:8080/redirect&
response_type=code&
response_mode=query&
nonce=xxx&
tenant=consumers

What I get is the authorization code.

Now if I try to get the tokens:

POST https://login.live.com/oauth20_token.srf?
client_id=xxx&
client_secret=xxx&
code=xxx&
redirect_uri=http://localhost:8080/redirect&
grant_type=authorization_code

Response:

{
    "token_type": "bearer",
    "expires_in": 3600,
    "scope": "XboxLive.signin XboxLive.offline_access",
    "access_token": "EwAoxxx",
    "refresh_token": "M.C527xxx",
    "id_token": "eyJ0eXAixxx"
}

The problem that I now have is that the access token is an opaque token.

There is no token introspection endpoint to validate the token, nor any documentation on how to change the access token response to a JWT instead.

My BFF has all 3 tokens stored and can authenticate requests, but my internal APIs authenticate requests via access tokens, so here I'm not able to handle the forwarded access token from the BFF.

Here is my flow:

[Image: azure-flow]

Post on stackoverflow: https://stackoverflow.com/questions/79235827/spring-oauth2-flow-with-azure-ad
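
The distinction the question turns on, as an added example that is not part of the original post: a structural check that tells a JWS-compact JWT (three base64url segments whose header is a JSON object with an "alg" field) from an opaque token, which a resource server cannot validate locally. All token values are constructed, and classify_token / classify_response are hypothetical helper names.

```python
import base64
import binascii
import json


def _b64url_json(segment):
    """Decode one base64url segment and parse it as a JSON object, else None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.b64decode(padded, altchars=b"-_", validate=True))
    except (binascii.Error, ValueError):
        return None
    return value if isinstance(value, dict) else None


def classify_token(token):
    """Return ("jwt", header, claims) or ("opaque", None, None).

    Structure only: the signature is NOT verified, so the returned claims
    must not be used for authorization decisions.
    """
    parts = token.split(".")
    if len(parts) == 3 and all(parts[:2]):
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
        if header is not None and claims is not None and "alg" in header:
            return "jwt", header, claims
    return "opaque", None, None


def _enc(obj):
    # Helper used only to build the constructed sample JWT below.
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed token response with the same fields as the one in the post.
# The refresh token has two dots on purpose: counting dots alone is not enough.
SAMPLE_RESPONSE = {
    "access_token": "EwAoCONSTRUCTEDopaqueVALUE",
    "refresh_token": "M.C527_CONSTRUCTED.opaque-value",
    "id_token": ".".join([_enc({"typ": "JWT", "alg": "RS256"}),
                          _enc({"sub": "constructed-user", "aud": "constructed-client"}),
                          "c2lnbmF0dXJl"]),  # placeholder, not a real signature
}


def classify_response(response):
    """Map each token field name to "jwt" or "opaque"."""
    return {name: classify_token(value)[0] for name, value in response.items()}
```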

Microsoft Entra ID