
[BUG] On behalf of flow. requested_token_use parameter missing after upgrading to version 4.3

Open eoskd opened this issue 1 year ago • 3 comments

Describe the bug After upgrading from 4.2 to 4.3, the on-behalf-of flow with spring-cloud-azure-starter-active-directory is not working.

Exception or Stack Trace org.springframework.security.oauth2.client.ClientAuthorizationException: [invalid_request] AADSTS900144: The request body must contain the following parameter: 'requested_token_use'

To Reproduce Upgrade spring-cloud-azure-starter-active-directory from 4.2 to 4.3

Code Snippet

spring:
  profiles:
    active: local
  cloud:
    azure:
      active-directory:
        enabled: true
        profile:
          tenant-id: cxxx
        credential:
          client-id: fxxx
          client-secret: <Legg til secret her>
        authorization-clients:
          myclient:
            authorization-grant-type: on_behalf_of
            scopes:
              - 6xxx/.default

Expected behavior Receive correct token

Screenshots

Setup (please complete the following information):

  • OS: [e.g. iOS]
  • IDE: [e.g. IntelliJ]
  • Library/Libraries: com.azure.spring:spring-cloud-azure-starter-active-directory:4.3.0
  • Java version: 17
  • App Server/Environment: Tomcat
  • Frameworks: Spring Boot

eoskd, Aug 09 '22 11:08
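
An added example, not part of the original issue or of the Azure SDK: a stand-alone Java check for the OBO-specific fields of a token request body, useful when inspecting a captured request to confirm whether `requested_token_use` is actually being sent. The class and method names are hypothetical, the sample bodies are constructed, and client authentication fields are deliberately not checked because they may travel in the body or in the Authorization header.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class OboRequestCheck {
    static final String JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer";

    // Parse an application/x-www-form-urlencoded body into decoded key/value pairs.
    static Map<String, String> parseForm(String body) {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(key, StandardCharsets.UTF_8),
                       URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return params;
    }

    // Return a list of problems; an empty list means the OBO-specific fields are present.
    static List<String> check(String body) {
        Map<String, String> p = parseForm(body);
        List<String> problems = new ArrayList<>();
        if (!JWT_BEARER.equals(p.get("grant_type")))
            problems.add("grant_type must be " + JWT_BEARER);
        if (!"on_behalf_of".equals(p.get("requested_token_use")))
            problems.add("requested_token_use must be on_behalf_of (absent => AADSTS900144)");
        for (String required : List.of("assertion", "scope"))
            if (p.getOrDefault(required, "").isBlank())
                problems.add("missing parameter: " + required);
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample bodies; the assertion is a placeholder, the scope mirrors the page's redacted value.
        String broken = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer"
                + "&assertion=PLACEHOLDER.JWT.VALUE&scope=6xxx%2F.default";
        String fixed = broken + "&requested_token_use=on_behalf_of";
        System.out.println("broken: " + check(broken));
        System.out.println("fixed:  " + check(fixed));
    }
}
```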

Hi @eoskd thanks for reaching out to us via this GitHub issue. @yiliuTo from the Azure Spring team will follow up with you shortly.

joshfree, Aug 09 '22 19:08

@chenrujun could you help to take a look?

yiliuTo, Aug 10 '22 01:08

Hi @eoskd, sorry for disturbing your use. I will fix this issue soon.

Here is a temporary solution for your reference: add extra configuration to enable the bean OAuth2ClientAuthenticationJwkResolver. You will not actually use the client authentication method with private_key_jwt, and the OBO process will then work fine.

spring:
  profiles:
    active: local
  cloud:
    azure:
      active-directory:
        enabled: true
        profile:
          tenant-id: cxxx
        credential:
          client-id: fxxx
          client-secret: <Legg til secret her>
          client-certificate-path: <put-the-dummy-certificate-file-path-with-pfx-or-p12-extension, such as, C:/test.txt.p12>
          client-certificate-password: <put-the-dummy-password>
        authorization-clients:
          myclient:
            authorization-grant-type: on_behalf_of
            scopes:
              - 6xxx/.default

moarychan, Aug 11 '22 00:08

Hi, I have the same problem and have been forced to downgrade to the 4.2 Spring Boot Azure starter version! I wish it will be fixed in 4.4.

smehdux, Sep 21 '22 09:09

@smehdux

Thank you for checking. This problem was originally targeted to be fixed in 4.4. Please refer to the changelog: https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/spring/CHANGELOG.md

And 4.4.0 is planned to be fixed at the end of this month.

chenrujun, Sep 22 '22 02:09