2
votes

I have a Spring Boot app which uses Microsoft Azure Active Directory to allow authentication (OAuth2).

I have followed the "how to" provided by Microsoft (https://docs.microsoft.com/en-us/java/azure/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory?view=azure-java-stable).

Everything is working well except that I have no idea how to handle expired tokens (after 1 hour) in a way that will not affect the users.

I know that it is possible to get a new token with the refresh token, but if I take a look at NimbusAuthorizationCodeTokenResponseClient.java, the refresh token is not saved anywhere even though it's available.

I can't find any examples of how to keep this refresh token and how to use it, as if it were supposed to work automatically like the rest of the process.

Does anyone have any experience with this Azure Active Directory Spring Boot module?

I'm using Spring Boot 2.0.4 with the Azure Spring Boot module 2.0.5.


1 Answer

0
votes

Your access_token gets automatically refreshed by the refresh_token.

But when your refresh_token expires you can still run into the same error. To handle it you can make your refresh_token automatically renew at the same time you get a new access_token. Use reuseRefreshTokens(false) in the configuration of AuthorizationServerEndpointsConfigurer in the auth-server code.

Take a look at the refreshAccessToken method in the DefaultTokenServices class:

    public OAuth2AccessToken refreshAccessToken(String refreshTokenValue,
                                                TokenRequest tokenRequest) {
        // Omitted
        if (!reuseRefreshToken) {
            // With reuseRefreshToken == false the old refresh token is discarded
            // and a new one is issued together with the new access token
            tokenStore.removeRefreshToken(refreshToken);
            refreshToken = createRefreshToken(authentication);
        }
        // Omitted
    }

You should somehow set the reuseRefreshToken flag to false. You can do that in your AuthorizationServerConfigurerAdapter implementation:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
    // Other methods (client details, token store, ...) omitted

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // Issue a fresh refresh_token every time an access_token is refreshed,
        // so the refresh_token's own expiry keeps moving while the user stays active
        endpoints
                .reuseRefreshTokens(false);
    }
}
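As an added client-side example (not part of the question or the answer above, which configures the authorization server), this is how the automatic refresh the question asks about works in Spring Security 5.2+: the refresh token is kept in the server-side OAuth2AuthorizedClientRepository and an OAuth2AuthorizedClientManager uses it whenever the stored access token has expired. It assumes an upgrade to Spring Boot 2.2+/Spring Security 5.2+, that the Azure starter registered the client under the id "azure", and that the class and method names are the example's own.

```java
import java.time.Instant;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.stereotype.Service;

@Service
public class AzureTokenService {
    private final OAuth2AuthorizedClientManager manager;

    // Assumed: Spring Boot already created both repositories from the starter's
    // spring.security.oauth2.client.* properties. The manager re-checks the stored access token
    // on every authorize() call and, once it has expired, swaps the stored refresh token for a
    // new access token; the refresh token stays server-side and is never handed to the browser.
    public AzureTokenService(ClientRegistrationRepository registrations,
                             OAuth2AuthorizedClientRepository authorizedClients) {
        OAuth2AuthorizedClientProvider provider = OAuth2AuthorizedClientProviderBuilder.builder()
                .authorizationCode() // initial login through Azure AD
                .refreshToken()      // silent renewal once the access token has expired
                .build();
        DefaultOAuth2AuthorizedClientManager m =
                new DefaultOAuth2AuthorizedClientManager(registrations, authorizedClients);
        m.setAuthorizedClientProvider(provider);
        this.manager = m;
    }

    // Returns a valid access token for the logged-in user, refreshing it first if needed. With no
    // stored authorization the authorizationCode provider throws ClientAuthorizationRequiredException,
    // which Spring Security's redirect filter turns into a fresh login.
    public String currentAccessToken(Authentication user, HttpServletRequest req, HttpServletResponse res) {
        OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
                .withClientRegistrationId("azure") // assumed: registration id from the Azure starter
                .principal(user)
                .attribute(HttpServletRequest.class.getName(), req)
                .attribute(HttpServletResponse.class.getName(), res)
                .build();
        OAuth2AuthorizedClient client = manager.authorize(request);
        // authorize() falls back to the stored, possibly expired, client when no refresh token is
        // available (e.g. offline_access was not granted), so check expiry before using the token.
        Instant expiresAt = client == null ? null : client.getAccessToken().getExpiresAt();
        if (expiresAt == null || Instant.now().isAfter(expiresAt)) {
            throw new IllegalStateException("Access token expired and cannot be refreshed; re-login required");
        }
        return client.getAccessToken().getTokenValue();
    }
}
```

Call currentAccessToken() from a controller right before each downstream call instead of reading the token out of the login session, so the user never sees the one-hour expiry.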