search

Azure-Samples / ms-identity-java-webapi

A Java Web API that calls another web API with the Microsoft identity platform using the On-Behalf-Of flow
MIT License
36 stars 30 forks source link

Samples use very old Spring APIs making them useless in modern applications #25

Open vgarmash opened 3 years ago

vgarmash commented 3 years ago

Hello.

I am glad I was able to find your repositories as I am struggling to make WebAPI OBO scenario to work with latest versions of Spring and Spring security. Although I was disappointed to see that you still using Spring Boot 2.1.7.RELEASE and Spring Security Oauth2 2.3.6.RELEASE. You can see that "The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. ": https://projects.spring.io/spring-security-oauth/docs/Home.html. Current Active Directory documentation also contains deprecated samples for Java for OBO scenarios: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-api-call-api-app-configuration?tabs=java

I think it is still useful to have at least these samples for those projects who stuck with old Spring and can't upgrade. Although please consider writing new version using latest versions за Spring Boot and Spring Security available at Spring Initalizr https://start.spring.io/.

One of the new concepts for Web API you can implement is Resource Server where web API exists without any UI therefore there is no standard services to obtain token. In most cases the access token comes from the front-end layer and web api just revalidates it. Once it is done the next step would be to call Microsoft Graph API to get various data from the organization account, for example: get list of files in the Sharepoint folder or on OneDrive, get list of email messages, send notification, schedule a meeting in Calendar, view list of existing events in Calendar. I agree with other comments: do not use low-level HTTP to implement the client but use built-in com.azure.resourcemanager.authorization.fluent.MicrosoftGraphClient or com.microsoft.graph.requests.GraphServiceClient.

Avery-Dunn commented 3 years ago

Hello @vgarmash : Thanks for bringing this to our attention, I agree that the Spring dependencies in this sample (and some others) is outdated and should be updated to use newer versions and features. We don't have a timeline yet for this upgrade, but I'll update this thread once we get a plan for it sorted out.