1

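I have a daemon written in Java and running on AWS. It calls multiple Microsoft APIs for each of the 100 user accounts I support, using tokens based on client ID, client secret, and tenant ID. Everything worked fine with the MS Azure Active Directory Library for Java (ADAL4J). But that is going bye-bye, so I am forced to use the MS Authentication Library for Java (MSAL4J).

Basically, I need to use a client ID, secret, and tenant to get the accessToken that the MS APIs require.

After much roaming through the examples (many of which compile), this seems to be the closest code I can get to: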

    public static String getToken( String apiUrl, 
            String clientId, 
            String clientSecret,
            String tenantId,
            String authUrl ) {

        String token = null ;

        if ( !authUrl.endsWith("/")){
            authUrl = authUrl + "/" ;
        }
        /*
          NOTE: This is derived from the following:
          https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-desktop-acquire-token?tabs=java

          I simplified the code by taking out the SilentParameters support.

        */

        // BAD:  authUrl = authUrl + "organizations/";
        // BAD:  authUrl = "https://login.microsoftonline.com/" + tenantId + "/";
        // BAD:  authUrl = "https://login.microsoftonline.com/organizations/";
        authUrl = "https://login.microsoftonline.com/organizations/" + tenantId + "/" ;

        // BAD:  Set<String> SCOPE = Collections.singleton("https://graph.microsoft.com/.default");
        // BAD:  Set<String> scope = Collections.singleton(clientId);
        Set<String> scope = Collections.singleton("");

        // Load token cache from file and initialize token cache aspect. The token cache will have
        // dummy data, so the acquireTokenSilently call will fail.
        ITokenCacheAccessAspect tokenCacheAspect = new TokenPersistence("");

        PublicClientApplication pca;
        try {
            pca = PublicClientApplication 
            .builder(clientId)
            .authority(authUrl)
            .setTokenCacheAccessAspect(tokenCacheAspect)
            .build();
        } catch (MalformedURLException e) {
            return null ;
        }

        IAuthenticationResult result;

        /*
        BAD:  ClientCredentialParameters parameters =
        BAD:     ClientCredentialParameters
        BAD:         .builder(SCOPE)
        BAD:         .build();
        */
        UserNamePasswordParameters parameters =
                    UserNamePasswordParameters
                    .builder(scope, clientId, clientSecret.toCharArray())
                    .build();

        result = pca.acquireToken(parameters).join();

        token = result.accessToken() ;
        return token ;
    }

So, it compiles (even the BAD commented-out code compiles), and it runs, but it generates:

com.microsoft.aad.msal4j.MsalClientException: com.fasterxml.jackson.databind.JsonMappingException: No suitable constructor found for type [simple type, class com.microsoft.aad.msal4j.InstanceDiscoveryMetadataEntry]: can not instantiate from JSON object (missing default constructor or creator, or perhaps need to add/enable type information?)

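The above is generated on the acquireToken call (near the bottom).

I can't figure out what code needs a default constructor (to make the JSON happy). OTOH, I don't know if these are even the calls I should be making; there seem to be about 47 different ways through and around this MSAL stuff, and I am not at all sure whether I have found "the right path".

Help me, Obi-Wan Kenobi. You're my only hope!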

4

2 Answers

2

Try not using TokenCacheAccessAspect at all and see if that works? I.e. something like:

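    // Imports assumed: com.microsoft.aad.msal4j.*, java.util.Set,
    // com.google.common.collect.ImmutableSet (Guava)

    // Wrap the client secret as the credential of a confidential client
    IClientCredential credential = ClientCredentialFactory.createFromSecret(clientSecret);

    ConfidentialClientApplication cca = ConfidentialClientApplication.builder(clientId, credential)
                        .authority(authUrl)
                        .build();

    Set<String> scope = ImmutableSet.of();

    ClientCredentialParameters parameters =
                         ClientCredentialParameters.builder(scope)
                                 .build();

    // result is the IAuthenticationResult variable declared in the question's code
    result = cca.acquireToken(parameters).join();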

where authUrl should be https://login.microsoftonline.com/<tenantId>

See: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-acquire-token?tabs=java

Answered 2020-09-08T10:43:42.033
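
As an added example (not part of either answer and not Microsoft's sample code), here is a complete client-credentials version of the question's getToken method, built from the MSAL4J calls shown in the answer above. The class name DaemonTokenProvider, the resource parameter, the tenant-ID format check, and the `<resource>/.default` scope are assumptions of this example.

```java
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;

import java.net.MalformedURLException;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.CompletionException;
import java.util.regex.Pattern;

public final class DaemonTokenProvider {   // hypothetical class name

    // A tenant is a GUID or a domain name; reject anything (slashes, '?', '@')
    // that could change the host or path of the authority the secret is sent to.
    private static final Pattern TENANT = Pattern.compile("[A-Za-z0-9][A-Za-z0-9.-]{0,253}");

    /** resource: the API's resource identifier, e.g. "https://graph.microsoft.com" (assumed). */
    public static String getToken(String resource, String clientId,
                                  String clientSecret, String tenantId) {
        if (tenantId == null || !TENANT.matcher(tenantId).matches()) {
            throw new IllegalArgumentException("tenantId must be a GUID or a domain name");
        }
        // Tenant-specific authority, as in the answer above
        String authority = "https://login.microsoftonline.com/" + tenantId + "/";
        // App-only tokens are requested for "<resource>/.default": the application
        // permissions already granted to this app registration.
        Set<String> scope = Collections.singleton(resource + "/.default");
        try {
            // Confidential client: the daemon authenticates as itself with its secret,
            // not as a user via PublicClientApplication / UserNamePasswordParameters.
            ConfidentialClientApplication cca = ConfidentialClientApplication
                    .builder(clientId, ClientCredentialFactory.createFromSecret(clientSecret))
                    .authority(authority)
                    .build();
            IAuthenticationResult result =
                    cca.acquireToken(ClientCredentialParameters.builder(scope).build()).join();
            return result.accessToken();
        } catch (MalformedURLException e) {
            throw new IllegalStateException("Invalid authority: " + authority, e);
        } catch (CompletionException e) {
            // join() wraps the real failure; report the tenant, never the secret.
            throw new IllegalStateException(
                    "Token request failed for tenant " + tenantId, e.getCause());
        }
    }
}
```
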
1

Take a look at the ms-identity-java-daemon sample: https://github.com/Azure-Samples/ms-identity-java-daemon.

Answered 2020-04-13T19:49:03.840