OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = this.userInfoEndpointConfig.oidcUserService; if (oidcUserService == null) { oidcUserService = new OidcUserService();
OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = this.userInfoEndpointConfig.oidcUserService; if (oidcUserService == null) { oidcUserService = new OidcUserService();
OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = this.userInfoEndpointConfig.oidcUserService; if (oidcUserService == null) { oidcUserService = new OidcUserService();
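/**
 * Loads the OIDC user through the default {@link OidcUserService} and then replaces its
 * authorities with the ones derived from the user's AAD group membership.
 *
 * <p>The user's ID token value is exchanged (via {@code AzureADGraphClient}) for a Graph API
 * access token, which is used only for the group lookup and never stored on the returned user.
 * The {@code ClientCredential} built here carries the client secret; it must not be logged or
 * surfaced in exception messages.
 *
 * @param userRequest the OIDC user request, carrying the client registration and the ID token
 * @return a {@link DefaultOidcUser} with the mapped authorities, the original ID token and the
 *     userinfo claims loaded by the delegate
 * @throws OAuth2AuthenticationException if the Graph API token cannot be acquired
 *     ({@code INVALID_REQUEST} for a malformed endpoint URL, {@code SERVER_ERROR} otherwise) or
 *     the group-to-authority mapping fails
 */
@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
    // Let the default service validate the request and fetch the base user
    // (ID token claims plus, when available, the userinfo endpoint claims).
    final OidcUserService delegate = new OidcUserService();
    final OidcUser oidcUser = delegate.loadUser(userRequest);
    final OidcIdToken idToken = userRequest.getIdToken();

    final Set<GrantedAuthority> mappedAuthorities;
    try {
        // https://github.com/MicrosoftDocs/azure-docs/issues/8121#issuecomment-387090099
        // In AAD App Registration configure oauth2AllowImplicitFlow to true
        final ClientRegistration registration = userRequest.getClientRegistration();
        // Holds the client secret: keep it out of logs and exception messages.
        final ClientCredential credential =
                new ClientCredential(registration.getClientId(), registration.getClientSecret());
        final AzureADGraphClient graphClient =
                new AzureADGraphClient(credential, aadAuthProps, serviceEndpointsProps);
        // The Graph token is scoped to this call: it lives in a local and is discarded
        // once the group lookup is done.
        final String graphApiToken = graphClient
                .acquireTokenForGraphApi(idToken.getTokenValue(), aadAuthProps.getTenantId())
                .getAccessToken();
        mappedAuthorities = graphClient.getGrantedAuthorities(graphApiToken);
    } catch (MalformedURLException e) {
        // Must precede the IOException handler: MalformedURLException is a subtype of it.
        throw wrapException(INVALID_REQUEST, "Failed to acquire token for Graph API.", null, e);
    } catch (InterruptedException e) {
        // Restore the interrupt flag so callers further up the stack still observe it.
        Thread.currentThread().interrupt();
        throw wrapException(SERVER_ERROR, "Failed to acquire token for Graph API.", null, e);
    } catch (ServiceUnavailableException | ExecutionException e) {
        throw wrapException(SERVER_ERROR, "Failed to acquire token for Graph API.", null, e);
    } catch (IOException e) {
        throw wrapException(SERVER_ERROR, "Failed to map group to authorities.", null, e);
    }
    // Copy of oidcUser with the group-derived authorities. The userinfo claims loaded by
    // the delegate are carried over instead of being dropped from the copy.
    return new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo(),
            getUserNameAttrName(userRequest));
}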
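/**
 * Loads the OIDC user through the default {@link OidcUserService} and then replaces its
 * authorities with the ones derived from the user's AAD group membership.
 *
 * <p>The user's ID token value is exchanged (via {@code AzureADGraphClient}) for a Graph API
 * access token, which is used only for the group lookup and never stored on the returned user.
 * The {@code ClientCredential} built here carries the client secret; it must not be logged or
 * surfaced in exception messages.
 *
 * @param userRequest the OIDC user request, carrying the client registration and the ID token
 * @return a {@link DefaultOidcUser} with the mapped authorities, the original ID token and the
 *     userinfo claims loaded by the delegate
 * @throws OAuth2AuthenticationException if the Graph API token cannot be acquired
 *     ({@code INVALID_REQUEST} for a malformed endpoint URL, {@code SERVER_ERROR} otherwise) or
 *     the group-to-authority mapping fails
 */
@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
    // Let the default service validate the request and fetch the base user
    // (ID token claims plus, when available, the userinfo endpoint claims).
    final OidcUserService delegate = new OidcUserService();
    final OidcUser oidcUser = delegate.loadUser(userRequest);
    final OidcIdToken idToken = userRequest.getIdToken();

    final Set<GrantedAuthority> mappedAuthorities;
    try {
        // https://github.com/MicrosoftDocs/azure-docs/issues/8121#issuecomment-387090099
        // In AAD App Registration configure oauth2AllowImplicitFlow to true
        final ClientRegistration registration = userRequest.getClientRegistration();
        // Holds the client secret: keep it out of logs and exception messages.
        final ClientCredential credential =
                new ClientCredential(registration.getClientId(), registration.getClientSecret());
        final AzureADGraphClient graphClient =
                new AzureADGraphClient(credential, aadAuthProps, serviceEndpointsProps);
        // The Graph token is scoped to this call: it lives in a local and is discarded
        // once the group lookup is done.
        final String graphApiToken = graphClient
                .acquireTokenForGraphApi(idToken.getTokenValue(), aadAuthProps.getTenantId())
                .getAccessToken();
        mappedAuthorities = graphClient.getGrantedAuthorities(graphApiToken);
    } catch (MalformedURLException e) {
        // Must precede the IOException handler: MalformedURLException is a subtype of it.
        throw wrapException(INVALID_REQUEST, "Failed to acquire token for Graph API.", null, e);
    } catch (InterruptedException e) {
        // Restore the interrupt flag so callers further up the stack still observe it.
        Thread.currentThread().interrupt();
        throw wrapException(SERVER_ERROR, "Failed to acquire token for Graph API.", null, e);
    } catch (ServiceUnavailableException | ExecutionException e) {
        throw wrapException(SERVER_ERROR, "Failed to acquire token for Graph API.", null, e);
    } catch (IOException e) {
        throw wrapException(SERVER_ERROR, "Failed to map group to authorities.", null, e);
    }
    // Copy of oidcUser with the group-derived authorities. The userinfo claims loaded by
    // the delegate are carried over instead of being dropped from the copy.
    return new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo(),
            getUserNameAttrName(userRequest));
}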