Setup Azure Client Credential Flow with Spring


I'm trying to set up the client credentials flow with a Spring app accessing a web API (both owned by myself). I've attempted to follow the Azure documentation Microsoft identity platform and the OAuth 2.0 client credentials flow and Quickstart: Configure a client application to access a web API, but I'm running into a few problems because the documentation is not clear. Somewhere in my setup, Azure is forcing the user to sign in, and then other error messages sprout from there. As we know, however, the client credentials flow should be machine-to-machine authorization, so I'm not sure why this sign-in flow is happening.

Below is my setup. Any feedback would be helpful in getting me up and running.

Environment

OS: Ubuntu 20.10
IDE: Visual Studio Code
Library/Libraries:
com.azure.spring:azure-spring-boot-starter-active-directory:3.5.0
org.springframework.boot:spring-boot-starter-oauth2-client

application.yml

azure:
  activedirectory:
    tenant-id: {my-web-app-tenant-id}
    client-id: {my-web-app-client-id}
    client-secret: {my-web-app-client-secret}
    authorization-clients:
      web-api:
        scopes:
          - api://example-api/Employees.Read.All
          - api://example-api/Employees.Write.All

Azure Configuration

Web-app and web-api registered applications

Web-api scopes and authorized client which matches web-app client

Web-app authentication setup

Web-App permissions, including permission for web-api

You should currently be performing server-to-server interaction, that is, no user involvement. So your server application needs to create an appRole, and then grant the app Role as an application permission to the client application.

First, you need to expose the api of the server application protected by Azure, which can be configured according to the following process:

Azure portal>App registrations>Expose an API>Add a scope>Add a client application


Then you need to create the appRole of the server application, and then grant that role as an application permission to the client application.


Next, go to client application>API permissions>Add a permission>My APIs>your api application.


Finally, you need to obtain an access token using the client credential flow where no user is logged in:


Parse the token:

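As an added example that is not part of the question or the answer, the following Java 11+ program performs the token request the answer describes (client credentials grant against the tenant's v2.0 token endpoint) and then decodes the token payload to show what the web API will actually see. The tenant id, client id and the `api://example-api` identifier are the placeholders from the question; the `AZURE_CLIENT_SECRET` environment variable and the class name are assumptions made for this example. One point it demonstrates that the question's configuration gets wrong: an app-only request cannot ask for individual scopes such as `api://example-api/Employees.Read.All`; it must request `api://example-api/.default`, and the granted application permissions (app roles) then appear in the token's `roles` claim rather than in `scp`.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not code from the question or the answer.
public class ClientCredentialsTokenCheck {

    // Placeholders: substitute the values from your own app registrations.
    static final String TENANT_ID = "{my-web-app-tenant-id}";
    static final String CLIENT_ID = "{my-web-app-client-id}";
    // Assumption: the secret is read from an environment variable rather than hard-coded.
    static final String CLIENT_SECRET = System.getenv("AZURE_CLIENT_SECRET");
    // Client credentials cannot request individual delegated scopes such as
    // api://example-api/Employees.Read.All; the only valid form is <resource>/.default,
    // which returns every application permission (app role) granted to this client.
    static final String SCOPE = "api://example-api/.default";
    static final String EXPECTED_AUDIENCE = "api://example-api";

    static String formEncode(Map<String, String> fields) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8))
              .append('=')
              .append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
        }
        return sb.toString();
    }

    // POST the client credentials grant to the tenant's v2.0 token endpoint.
    static String requestAccessToken() throws Exception {
        Map<String, String> form = new LinkedHashMap<>();
        form.put("client_id", CLIENT_ID);
        form.put("client_secret", CLIENT_SECRET);
        form.put("scope", SCOPE);
        form.put("grant_type", "client_credentials");

        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create("https://login.microsoftonline.com/" + TENANT_ID + "/oauth2/v2.0/token"))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(formEncode(form)))
            .build();
        HttpResponse<String> response =
            HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        if (response.statusCode() != 200) {
            // The error body tells you which portal step (scope, app role, permission grant) is missing.
            throw new IllegalStateException("Token request failed: " + response.body());
        }
        return jsonString(response.body(), "access_token");
    }

    // Minimal extraction of a string field from a flat JSON object (avoids a JSON dependency here).
    static String jsonString(String json, String field) {
        Matcher m = Pattern.compile("\"" + field + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        if (!m.find()) throw new IllegalStateException("Field " + field + " not found in response");
        return m.group(1);
    }

    // Decode the JWT payload for inspection only. This does NOT validate the signature;
    // the web API must verify it against the tenant's signing keys before trusting any claim.
    static String decodePayload(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("Not a compact JWS token");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String payload = decodePayload(requestAccessToken());
        System.out.println(payload);

        // What a correctly configured app-only token looks like to the web API:
        //  - "aud" is the API's identifier (or its client id), so the API accepts it;
        //  - "roles" lists the app roles granted as application permissions;
        //  - there is no "scp" claim and no user claims, because no user signed in.
        boolean audienceOk = payload.contains("\"aud\":\"" + EXPECTED_AUDIENCE + "\"");
        boolean hasRoles = payload.contains("\"roles\"");
        boolean hasDelegatedScopes = payload.contains("\"scp\"");
        System.out.println("audience matches API: " + audienceOk);
        System.out.println("app roles present:    " + hasRoles);
        System.out.println("delegated scp claim:  " + hasDelegatedScopes + " (expected false for app-only)");
    }
}
```

If the token comes back with a `roles` claim and no `scp` claim, the portal side (exposed API, app role, application permission granted to the client) is complete; if the request fails, the error body names the missing step. The `decodePayload` check is for debugging only: the web API must still validate the signature, audience, issuer and expiry before honouring the `roles` claim.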
