Azure AD OAuth 2.0 Code Grant Authorization with Java Jersey

Question

My REST request looks like this after I read through this guide: How to Authorize to Microsoft Azure-AD

Client cli = ClientBuilder.newClient();
WebTarget webTar = cli.target("https://login.microsoftonline.com/yyyyy.onmicrosoft.com/oauth2/authorize").queryParam("response_type", "code");
webTar = webTar.queryParam("client_id", "ed4d67dc-34a8-4eb3-9058-49f39yyyyyy");
webTar = webTar.queryParam("redirect_uri", URLEncoder.encode("https://xyxyxyx.onmicrosoft.com/o365jso", "UTF-8"));
String response = webTar.request(MediaType.APPLICATION_JSON).get(String.class);

However I am receiving a full HTML as response which concludes that the endpoint thinks I am a browser. Is there a way to somehow proceed correctly (in form of a URL to authorization side) to receive the authorization code and afterwards access Token for Sharepoint/Exchange afterwards with Java Jersey?

Answer 1

In the Authorization Code Grant flow, the user agent (e.g. a browser) is the one that should be making a GET request to the authorization endpoint. This is the first step described in the document:

1. The client application starts the flow by redirecting the user agent to the Azure AD authorization endpoint. The user authenticates and consents, if consent is required.

This is necessary so that the different posible user interactions can take place. Sometimes a user consent prompt is displayed, or perhaps multi-factor authentication, or federation to the user's on-premises STS is required.

Once the user has authenticated, Azure AD will redirect the user agent back to the URI specified in redirect_uri, including the authorization code as a query parameter. This will result in a GET request to your service, with a code parameter that you can use to request an Access Token (now you would make the request directly from your service to Azure AD).

If, instead of authenticating the user, you are interested in doing service-to-service authentication, you would use a different flow, as described in Service to Service Calls Using Client Credentials.