microsoftgraph
No Way to Initialize the AuthorizationCodeProvider using a valid RefreshToken
In situations where you have already persisted the AccessToken (First Time Retrieved ) and refresh Token in the database for future use, there should be a way to initialize the AuthorizationCodeProvider with a RefreshToken directly instead of AuthorizationCode . The feature request is analogous to what is available in google-oauth library with Credential Class.
@zeeshan-v1 Thanks for creating this issue. We will look into meeting this requirement.
Any update regarding this issue? I don't want to make my users consent every time they log in.
Hey everyone, Thanks for the feedback. For the v3 of the SDK, we're actively working on integrating with Azure identity which will allow for more authentication and authorization scenarios. This integration will replace the -auth library (this repo). You can follow the progress here, here, and there. I'm leaving this issue open for now for visibility but we'll do a round of closing once the v3 is ready.
@baywet Is there a timeline for v3 / transparent (re-)auth? The milestones have Nov2020 but that does not seem possible anymore ;)
@black-snow thanks for the nudge. Indeed, some work is taking longer than originally expected and/or uncovering other issues I had not anticipated. Overall this is a good thing as it'll raise the quality bar for the SDK, but it means we are looking at a later release date. I've updated to Dec 18th, again, this is a tentative like always.
I've updated to Dec 18th, again, this is a tentative like always.
Looks like it's Jan 18th now :P
Full transparency: what's blocking us at the moment is a decision on which android API level we'll support. Initial v3 work had managed to keep it to 21 but some dependencies on the identity changes are 26, which we feel is a big drop in audience. We're trying to regroup with the identity teams to see what can be done here but it's unlikely that it'll happen before holiday times. Thanks for your patience!
@black-snow (and others) you might be interested in this https://github.com/microsoftgraph/msgraph-sdk-java/issues/628 :)
@baywet thanks for the update! I haven't tested the preview yet but, ad hoc, I don't see what's changed. Is the auth lib now part of the SDK? But I still need to do the actual authentication flow with AAD outside the SDK, right? I use msal4j, ripped and adjusted from the sample somewhere.
@black-snow We're now relying on azure-identity (which uses msal under the covers, but also streamlines auth with azure services). See this diff all the *Credential classes come from azure-identity and TokenCredentialAuthProvider comes from core (v2). So no need for this auth library anymore. Should you still need to implement your own authentication provider (the need is reduced as azure identity supports more flows than we used to), the interfaces have been simplified, you only need to extend BaseAuthenticationProvider.
@baywet thanks for the quick reply! So I can basically replace my msal4j custom auth flow from the spring boot sample with azure-identity's InteractiveBrowserCredential? But what's the matter with the azure vaults? We don't use vaults but store the tokens in our DB. Would you mind adding an example that does not use vaults?
Atm, we confront the users with an interactive OAuth 2.0 flow to connect with their MS account and store the refresh token (the whole token cache) in the DB. We then use the Graph API with the stored tokens (and silent flows) to send emails 'n stuff.
The reason why the samples you linked all use a vault is because they are backend services and the idea is to use azure-identity to get to the vault that contains all the secrets and then load those secrets from the vault, not from environment settings or configuration files. But all of that is optional, and doesn't even apply in some cases. Did you check this diff, this is the documentation update we're planning to push to the microsoft graph docs once v3 releases. It contains an example with interactive browser. The library already has a token cache, and renews tokens automatically for you. However, I believe this token cache is only volatile today, and I'm not sure they provide a way for you to pass in a refresh token you might have stored somewhere else.
It might be worth exploring, and if the library doesn't offer what you need, please create an issue here
use https://github.com/AzureAD/microsoft-authentication-library-for-java it work brilliant for all resources and has logic to renew token.
this is what azure-identity uses under the covers, so by using v3, with azure-identity you get all of that for "free". However azure-identity doesn't have the ability to pass in the refresh token directly (in case it was stored by the application).
When you say it has logic to renew token, do you mean we can initiate it using refresh token and it auto renews the access token if expired. Can u provide an example of the code
On Thu, 18 Feb 2021 at 8:03 PM, Valentin [email protected] wrote:
use https://github.com/AzureAD/microsoft-authentication-library-for-java it work brilliant for all resources and has logic to renew token.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/microsoftgraph/msgraph-sdk-java-auth/issues/14#issuecomment-781385001, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABQC2OPNOZOKMFMA73X2KJTS7UQL3ANCNFSM4HXBPOAA .
-- Regards, Zeeshan Ali
@zeeshan-v1 look to https://github.com/AzureAD/microsoft-authentication-library-for-java/tree/dev/src/samples
Hi @zeeshan-v1 Thanks for reaching out and for the patience. With the release of the v3 of the java SDK, it now integrates with Azure Identity which supports a wide variety of authentication flows out of the box. We strongly encourage you to migrate to this v3 + azure identity, and you can read more about it in this issue. https://github.com/microsoftgraph/msgraph-sdk-java/issues/628
This issue won't be fixed, but I'll leave it open for visibility, and the repository will be archived soon.