I'm using Microsoft Graph Java SDK and the MSAL4J Authentication library in order to follow the OnBehalfOf scenario presented here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow

Based on the instructions of the Microsoft Graph SDK (can be found here: https://github.com/microsoftgraph/msgraph-sdk-java) I'm able to accomplish the tasks I'm asked to develop.

But for the authentication provider I have to use MSAL4J, and I'm unable to initialize the graph client because I'm having a hard time finding out how to create an OnBehalfOf auth provider.

For the authentication part, I'm using the implementation presented in this sample: https://github.com/Azure-Samples/ms-identity-java-webapi

The documentation for Java does not exist yet, and I'm unable to find the solution using the C# documentation: https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#OnBehalfOfProvider

I would like to be able to use what's in place in the ms-identity-java-webapi Azure Sample above in order to create a GraphClient instead of using a RestTemplate to query Graph like this:

private String callMicrosoftGraphMeEndpoint(String accessToken) {
    RestTemplate restTemplate = new RestTemplate();

    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_JSON);

    headers.set("Authorization", "Bearer " + accessToken);

    HttpEntity<String> entity = new HttpEntity<>(null, headers);

    return restTemplate.exchange("https://graph.microsoft.com/v1.0/me", HttpMethod.GET,
            entity, String.class).getBody();
}

Instead, I would like to obtain an OnBehalfOf auth provider to instantiate a graph client like this:

GraphServiceClient<Request> graphClient = 
  GraphServiceClient
    .builder()
    .authenticationProvider(authenticationProvider)
    .buildClient();

This kind of auth provider can be obtained in C# like this, but I can't find how to do it in Java:

IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithRedirectUri(redirectUri)
    .WithClientSecret(clientSecret)
    .Build();

OnBehalfOfProvider authProvider = new OnBehalfOfProvider(confidentialClientApplication, scopes);

A similar issue has already been raised here: https://github.com/Azure-Samples/ms-identity-java-webapi/issues/19

But sadly, Microsoft hasn't updated anything yet, and I can't seem to figure out how to achieve this task as I'm totally new to this library and have only handled the Graph SDK through the available documentation and samples (which do not seem to implement MSAL for now).


1 Answer


The OnBehalfOfProvider is not implemented yet in the library, nor in the sample available to us at this date. But fortunately, it can be found in one of the branches of the MSAL4J repository, thanks to a recent PR.

You can find it here.
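For reference, an added sketch of an on-behalf-of provider for the `GraphServiceClient` builder in the question; it is not the provider from the MSAL4J branch mentioned in the answer, nor code from either SDK. It assumes the Graph SDK's `BaseAuthenticationProvider` (the v3-style interface the question's builder implies) and MSAL4J's `OnBehalfOfParameters`; the class name `OnBehalfOfAuthProvider` and the `buildApp` helper are hypothetical, and the incoming token is assumed to have been validated by the web API already.

```java
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.OnBehalfOfParameters;
import com.microsoft.aad.msal4j.UserAssertion;
import com.microsoft.graph.authentication.BaseAuthenticationProvider;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Set;
import java.util.concurrent.CompletableFuture;

// Hypothetical class name. Create one instance per incoming request: it holds
// that caller's token and must never be shared between users.
public final class OnBehalfOfAuthProvider extends BaseAuthenticationProvider {
    private final ConfidentialClientApplication app;
    private final Set<String> scopes;
    private final UserAssertion assertion;

    public OnBehalfOfAuthProvider(ConfidentialClientApplication app,
                                  Set<String> scopes,
                                  String incomingAccessToken) {
        this.app = app;
        this.scopes = scopes;
        // The access token the web API received from its caller.
        this.assertion = new UserAssertion(incomingAccessToken);
    }

    @Override
    public CompletableFuture<String> getAuthorizationTokenAsync(URL requestUrl) {
        // Release the Graph token only to Graph hosts; other URLs get none.
        if (!shouldAuthenticateRequestWithUrl(requestUrl)) {
            return CompletableFuture.completedFuture(null);
        }
        OnBehalfOfParameters parameters =
                OnBehalfOfParameters.builder(scopes, assertion).build();
        return app.acquireToken(parameters)
                  .thenApply(IAuthenticationResult::accessToken);
    }

    // Builds the MSAL4J confidential client from caller-supplied configuration.
    public static ConfidentialClientApplication buildApp(
            String clientId, String clientSecret, String authority) throws MalformedURLException {
        return ConfidentialClientApplication
                .builder(clientId, ClientCredentialFactory.createFromSecret(clientSecret))
                .authority(authority)
                .build();
    }
}
```

An instance can be passed to `.authenticationProvider(...)` in the builder shown in the question, with the `ConfidentialClientApplication` itself kept as a single shared object.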