1

I am supposed to get Access token from Azure AD using SDK java ( i have the clientid, clientSecret and tenantId), and send the Access token to the UI. Next this token is sent in the request headers of an api call and i need to use this access token to call users, groups and so on. I could figure out the code as below to get the access token.

         AccessToken tokenSync = new ClientSecretCredentialBuilder()
                .clientId(clientId)
                .clientSecret(clientSecret)
                .tenantId(tenantId).build().getTokenSync(null);

The above code gives me the access token and this is sent to the UI and then the same token is sent back to call the users, groups api using SDK java.

How can i use this token to call user and groups ?

Using this token can i get the GraphClient to call the api such as users, groups ?

How can i validate whether this token is expired and re-generate a new token using the above code.

I am unable to find methods to use the same access token and do subsequent calls to groups and users using SDK java. Any help/suggestions please

Avinash Reddy
  • 2,204
  • 3
  • 25
  • 44

1 Answers1

0

How can i use this token to call user and groups ? Using this token can i get the GraphClient to call the api such as users, groups ?

Use the below code to generate access token and using GraphServiceClient class you can retrieve list of users and groups.

ConfidentialClientApplication  app  =  ConfidentialClientApplication
.builder("Client_id",
ClientCredentialFactory.createFromSecret("client_secret"))
.authority("https://login.microsoftonline.com/tenant_id").build();

ClientCredentialParameters  parameters  =  ClientCredentialParameters
.builder(Collections.singleton("https://graph.microsoft.com/.default")).build();

CompletableFuture<IAuthenticationResult>  future  =  app.acquireToken(parameters);

IAuthenticationResult  result  =  future.get();
String  accessToken  =  result.accessToken();
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider(
            request -> {
                request.addHeader("Authorization", "Bearer " + accessToken);
            }).buildClient();

// Retrieve the list of groups
List<Group> groups = graphClient.groups().buildRequest().get().getCurrentPage();

// Retrieve the list of users
List<User> users = graphClient.users().buildRequest().get().getCurrentPage();

How can i validate whether this token is expired and re-generate a new token using the above code.

Using the below code, you can check whether the previous token is expired or not. If it is expired, the below code will refresh the token and generate the new one and you can authenticate.

Instant  expirationTime  =  result.expiresOnDate().toInstant();
Instant  currentTime  =  Instant.now();
Duration  duration  =  Duration.between(currentTime,  expirationTime);

if  (duration.toMinutes()  <  5)
{
future  =  app.acquireToken(parameters);
result  =  future.get();
accessToken  =  result.accessToken();
}

Below are the expired and newly generated tokens in my environment: enter image description here

Note: The scope "https://graph.microsoft.com/.default" which is related to Microsoft graph Api scope, you can use it to retrieve list of users and groups.

Pravallika KV
  • 2,415
  • 2
  • 2
  • 7