
[QUERY] Using a custom Auth provider along with Azure AD

Open castasint opened this issue 1 year ago • 3 comments

Query/Question

I have a project with the below-mentioned configuration. Currently, it is running with Spring Boot and is using Azure AD for authorization. The good part of this setup is I did not write even 1 line of code to make it work, thanks to the great work done in creating the library. Appreciate the effort! Note that this application caters to internal users and hence is using Azure AD.

Now, I am tasked to enhance it further to allow external users to access the endpoints in the app. The external users need to be authorised against a custom, in-house OAuth 2.0 server.

My query is: is there a way in which I can use the same config/libraries that I already have in my setup and integrate the custom in-house OAuth 2.0 server to validate tokens that were generated by our in-house lib? Is there any extensibility point that I can work with? Any help and/or guidance is appreciated.

Why is this not a Bug or a feature Request?

Creating this ticket to seek help and guidance. It is certainly not a bug. It could possibly be a feature request in case the solution isn't available.

Setup (please complete the following information if applicable):

  • OS: Linux
  • IDE: VS Code, IntelliJ
  • Sample Path:
  • Library/Libraries:
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
  <groupId>com.azure.spring</groupId>
  <artifactId>spring-cloud-azure-starter-active-directory</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-test</artifactId>
  <scope>test</scope>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework</groupId>
  <artifactId>spring-jdbc</artifactId>
</dependency>

Information Checklist

  • [X] Query Added
  • [X] Setup information Added

castasint avatar Mar 21 '23 16:03 castasint

Hi, @castasint . Thanks for reaching out.

1. Confirm issue's purpose.

Firstly, let me confirm your scenario.

1.1. Confirm your scenario.

Since your project has this dependency:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>

In my understanding, your project is a resource server. A resource server just validates the access token. You can refer to RFC 6749 to get more information about resource servers.

1.2. Confirm your requirement.

Adding spring-cloud-azure-starter-active-directory will make your resource server accept only access tokens signed by Azure AD. You want to make your resource server accept access tokens signed by other authorization servers.

chenrujun avatar Mar 24 '23 01:03 chenrujun

Hey @chenrujun - you're right, my application is a resource server. I just need to validate the token. Now, I may receive tokens from different providers, including AAD. Right now spring-cloud-azure-starter-active-directory is taking care of validating the token. Tomorrow, if I were to validate a token against Facebook, Twitter or an in-house provider, what should I do? Do I need to get rid of spring-cloud-azure-starter-active-directory and write custom code, or does it provide an extensibility point using which I can also work with other providers?

castasint avatar Apr 06 '23 18:04 castasint

@castasint, currently the spring-cloud-azure-starter-active-directory cannot support integrating other providers and has no extensibility point. You can customize your own ClientRegistrationRepository bean and add other client registrations; please refer to the similar solution (POC for Azure AD B2C) if you want to extend the implementation.

moarychan avatar Apr 21 '23 01:04 moarychan
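For readers landing here with the same question, the following is an added example (my own code, not from this sample repository or from any commenter) of how plain Spring Security handles a resource server that must accept JWTs from more than one issuer, independently of the Azure starter: a JwtIssuerAuthenticationManagerResolver picks a per-issuer decoder based on the token's `iss` claim, and each decoder enforces its own audience. It assumes Spring Boot 3 / Spring Security 6; the issuer URLs, tenant id and audience values are placeholders.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class MultiIssuerResourceServerConfig {
    // Allow-list of trusted issuers -> the audience a token from that issuer must carry.
    // Placeholder values (assumption): substitute your tenant id, app id and in-house issuer URL.
    private static final Map<String, String> TRUSTED = Map.of(
        "https://login.microsoftonline.com/<tenant-id>/v2.0", "api://<aad-app-id>",
        "https://auth.example.internal/oauth2",               "internal-api");

    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        // One AuthenticationManager per issuer, keyed by the exact "iss" value.
        Map<String, AuthenticationManager> managers = new HashMap<>();
        TRUSTED.forEach((issuer, audience) -> managers.put(issuer,
            new ProviderManager(new JwtAuthenticationProvider(decoderFor(issuer, audience)))));
        // The resolver reads "iss" from the not-yet-verified token and only consults the map,
        // so a token from an unlisted issuer is rejected before any key material is fetched.
        var resolver = new JwtIssuerAuthenticationManagerResolver(managers::get);
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2ResourceServer(rs -> rs.authenticationManagerResolver(resolver));
        return http.build();
    }

    private static JwtDecoder decoderFor(String issuer, String audience) {
        // Discovers the JWKS through the issuer's OIDC metadata (network call at startup).
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(issuer);
        // Default validators cover signature, exp/nbf and iss; "aud" must be checked per issuer.
        OAuth2TokenValidator<Jwt> aud = jwt -> jwt.getAudience().contains(audience)
            ? OAuth2TokenValidatorResult.success()
            : OAuth2TokenValidatorResult.failure(new OAuth2Error("invalid_token", "wrong audience", null));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(JwtValidators.createDefaultWithIssuer(issuer), aud));
        return decoder;
    }
}
```

Because the issuer string is taken from an unverified token, the map must stay a closed allow-list; never build a decoder from an issuer value the token supplies on its own.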