How to authenticate user accessing my Finatra REST API (Scala) with Azure Active Directory


I have a Scala rest service on Finatra and would like to authenticate users accessing my rest service using Azure Active Directory.

Currently, I can do a curl to get the access token:

curl -s -X POST "https://login.microsoftonline.com/$tenant_id/oauth2/token" -d grant_type=password -d "username=$username" -d "password=$pass" -d "resource=$resID" -d "client_id=$id" -d "client_secret=$key"

But it requires the user to pass his password as a parameter which is a security concern.

Is there a way to authenticate the user using Azure AD with taking in the password (I am pretty sure this is not possible) or asking him to sign in?


There are 1 best solutions below

7
On BEST ANSWER

It is not recommended to use your username and password to log in to an Azure account. You had better create a service principal to sign in to your Azure account. Please refer to this link: Use portal to create an Azure Active Directory application and service principal that can access resources.

Also, you could use Azure CLI 2.0 to create this.

az ad sp create-for-rbac --name {appId} --password "{strong password}" 

Example:

az ad sp create-for-rbac --name shuiexample --password "Password012!!"

You could get a result like below:

{
  "appId": "bca24913-026d-4020-b9f1-add600bf9045",
  "displayName": "shuiexample1234",
  "name": "http://shuiexample1234",
  "password": "*******",
  "tenant": "*******"
}

Sign in using the service principal.

APPID="bca24913-026d-4020-b9f1-add600bf9045"
PASSWORD="******"
TENANTID="*******"

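# Double quotes are required here: inside single quotes the shell would send the literal text $APPID, $PASSWORD and $TENANTID.
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=$APPID&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=$PASSWORD&grant_type=client_credentials" "https://login.microsoftonline.com/$TENANTID/oauth2/token"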
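
The service-principal token request above, as an added example that is not part of the original answer: it percent-encodes every form field, so a secret containing `&`, `=` or `+` is sent intact, and feeds the body to curl on stdin so the secret does not appear in curl's argument list. The helper names `urlencode`, `form_body` and `request_token` are hypothetical; `APPID`, `PASSWORD`, `TENANTID`, the endpoint and the scope are the ones used in the answer, and values are assumed to be ASCII.

```shell
#!/bin/sh
# Added example: build the client-credentials request body safely.

urlencode() (
    # Percent-encode everything except RFC 3986 unreserved characters.
    # Runs in a subshell so LC_ALL and the loop variables stay local.
    LC_ALL=C
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}            # everything after the first character
        c=${s%"$rest"}         # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) out="$out$(printf '%%%02X' "'$c")" ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

form_body() {
    # Usage: form_body name1 value1 name2 value2 ...
    body=
    while [ "$#" -ge 2 ]; do
        body="$body${body:+&}$(urlencode "$1")=$(urlencode "$2")"
        shift 2
    done
    printf '%s' "$body"
}

request_token() {
    # Reads APPID, PASSWORD and TENANTID from the environment.
    # The body reaches curl on stdin (--data @-), not on its command line.
    form_body client_id "$APPID" \
              scope 'https://graph.microsoft.com/.default' \
              client_secret "$PASSWORD" \
              grant_type client_credentials |
    curl -sS -X POST --data @- \
         "https://login.microsoftonline.com/$TENANTID/oauth2/token"
}

# Constructed sample values (not real credentials): print the encoded body only.
form_body client_id 'constructed-app-id' client_secret 'p&ss=w0rd+1!'
echo
```

Call `request_token` after exporting the three variables; nothing is sent until that function is invoked.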