We are trying to migrate from ADAL to MSAL in Java. We use the OAuth authorization code flow to obtain refresh tokens and access tokens.
In ADAL, we have the following flow:
    // Redeem the authorization code for an access token and a refresh token
    ClientCredential credential =
        new ClientCredential(
            PRODUCTION_OAUTH_SECRETS.getClientId(), PRODUCTION_OAUTH_SECRETS.getClientSecret());
    AuthenticationContext context =
        new AuthenticationContext(
            "https://login.microsoftonline.com/" + domainName + "/", true, service);
    Future<AuthenticationResult> future =
        context.acquireTokenByAuthorizationCode(
            code, new URI(returnPath), credential, null);
    AuthenticationResult result = future.get();
    OAuth2Token token =
        new OAuth2Token(
            result.getAccessToken(), result.getRefreshToken(), result.getAccessTokenType(), null);

    // Later (separate method): exchange the stored refresh token for a new access token
    AuthenticationContext context =
        new AuthenticationContext(
            "https://login.microsoftonline.com/" + domainName + "/", true, service);
    Future<AuthenticationResult> future =
        context.acquireTokenByRefreshToken(credentials.refreshToken, getClientCredential(), null, null);
    AuthenticationResult result = future.get();
    credentials.refreshToken = result.getRefreshToken();
    credentials.accessToken = result.getAccessToken();
    credentials.expiresAt = result.getExpiresOnDate().toInstant();
We can now successfully migrate from the ADAL code above to MSAL using the code mentioned here.
We were also able to obtain the first access token in MSAL with the following code.
In MSAL, we have the following code:
    import com.microsoft.aad.msal4j.AuthorizationCodeParameters;
    import com.microsoft.aad.msal4j.ClientCredentialFactory;
    import com.microsoft.aad.msal4j.ConfidentialClientApplication;
    import com.microsoft.aad.msal4j.IAuthenticationResult;
    import java.util.Collections;
    import java.util.concurrent.CompletableFuture;

    ConfidentialClientApplication app =
        ConfidentialClientApplication.builder(
                clientId, ClientCredentialFactory.createFromSecret(clientSecret))
            .authority("https://login.microsoftonline.com/" + domainName + "/")
            .build();

    // Redeem the authorization code; MSAL stores the resulting tokens in its cache
    AuthorizationCodeParameters parameters =
        AuthorizationCodeParameters.builder(code, returnPath)
            .scopes(Collections.singleton("offline_access"))
            .build();
    CompletableFuture<IAuthenticationResult> future = app.acquireToken(parameters);
    IAuthenticationResult result = future.get();
We successfully obtained an access token and a refresh token. But how do we get a renewed access token, given that the refresh token cannot be stored in MSAL?
We tried the following code, but could not get an access token because there is no token stored in the cache.
    ConfidentialClientApplication cca =
        ConfidentialClientApplication.builder(
                oAuthClientSecret.getClientId(),
                ClientCredentialFactory.createFromSecret(oAuthClientSecret.getClientSecret()))
            .authority("https://login.microsoftonline.com/" + domainName + "/")
            .build();

    // define the scopes to request
    String scopes = "offline_access";

    // acquire an access token silently (a newly built application has an empty in-memory cache)
    IAuthenticationResult authResult = cca.acquireTokenSilently(
        SilentParameters.builder(Collections.singleton(scopes)).build()).join();
    credentials.accessToken = authResult.accessToken();
Q: Can someone explain:
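The silent call in the question fails because a freshly built ConfidentialClientApplication has an empty in-memory cache, and because SilentParameters was built without the IAccount that identifies whose refresh token to use. The following is an added example (not code from the question or from MSAL's own samples) showing the pattern MSAL4J expects for a server-side application: an ITokenCacheAccessAspect that persists the serialized cache to a file, the authorization code redemption that seeds that cache, and a later acquireTokenSilently keyed by the account's homeAccountId rather than by a refresh token the application holds itself. The class names MsalPersistentCacheExample and FileTokenCache, the cache file path, and the scope https://graph.microsoft.com/User.Read are assumptions for the example; the MSAL4J calls (setTokenCacheAccessAspect, ITokenCacheAccessContext.tokenCache().serialize()/deserialize(), hasCacheChanged(), getAccounts(), MsalInteractionRequiredException) are real library API.

```java
import com.microsoft.aad.msal4j.AuthorizationCodeParameters;
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.ITokenCacheAccessAspect;
import com.microsoft.aad.msal4j.ITokenCacheAccessContext;
import com.microsoft.aad.msal4j.MsalInteractionRequiredException;
import com.microsoft.aad.msal4j.SilentParameters;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.CompletionException;

/** Added example (not from the question): confidential client with a persisted MSAL token cache. */
public class MsalPersistentCacheExample {

    // Assumed resource scope; MSAL adds openid/profile/offline_access on its own.
    static final Set<String> SCOPES = Collections.singleton("https://graph.microsoft.com/User.Read");

    /** Loads the serialized cache before MSAL reads it and writes it back only when MSAL changed it. */
    static final class FileTokenCache implements ITokenCacheAccessAspect {
        private final Path file;

        FileTokenCache(Path file) { this.file = file; }

        @Override
        public void beforeCacheAccess(ITokenCacheAccessContext ctx) {
            try {
                if (Files.exists(file)) {
                    ctx.tokenCache().deserialize(new String(Files.readAllBytes(file), StandardCharsets.UTF_8));
                }
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }

        @Override
        public void afterCacheAccess(ITokenCacheAccessContext ctx) {
            if (!ctx.hasCacheChanged()) {
                return;
            }
            try {
                // The blob contains refresh tokens: treat this file as a credential store
                // (restrictive permissions, or encrypt it with a key the application controls).
                Files.write(file, ctx.tokenCache().serialize().getBytes(StandardCharsets.UTF_8));
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }
    }

    static ConfidentialClientApplication buildApp(String clientId, String clientSecret,
                                                  String tenant, Path cacheFile) throws Exception {
        return ConfidentialClientApplication.builder(clientId,
                        ClientCredentialFactory.createFromSecret(clientSecret))
                .authority("https://login.microsoftonline.com/" + tenant + "/")
                .setTokenCacheAccessAspect(new FileTokenCache(cacheFile))
                .build();
    }

    /** First leg: redeem the authorization code. Persist the homeAccountId, not the refresh token. */
    static String redeemCode(ConfidentialClientApplication app, String code, URI redirectUri) {
        IAuthenticationResult result = app.acquireToken(
                AuthorizationCodeParameters.builder(code, redirectUri).scopes(SCOPES).build()).join();
        return result.account().homeAccountId();
    }

    /** Any later call, including after a restart: find the account in the cache and let MSAL refresh. */
    static String currentAccessToken(ConfidentialClientApplication app, String homeAccountId) {
        IAccount account = app.getAccounts().join().stream()
                .filter(a -> a.homeAccountId().equals(homeAccountId))
                .findFirst()
                .orElseThrow(() -> new IllegalStateException(
                        "account not in cache; run the authorization code flow again"));
        try {
            return app.acquireTokenSilently(SilentParameters.builder(SCOPES, account).build())
                    .join().accessToken();
        } catch (CompletionException e) {
            if (e.getCause() instanceof MsalInteractionRequiredException) {
                // Refresh token expired or revoked (password change, Conditional Access, sign-out):
                // the user has to go through the interactive flow again.
                throw new IllegalStateException("user must sign in again", e.getCause());
            }
            throw e;
        }
    }
}
```

The application stores one opaque string per user (the homeAccountId) alongside its own records and never touches the refresh token; MSAL reads the cache, uses the refresh token if the access token is within its expiry window, and writes the rotated token back through afterCacheAccess. In production the cache file is a secret and should be per tenant, access-controlled, and ideally encrypted; for a fleet of servers a shared store (database, key vault) behind the same aspect interface replaces the file.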
I will try to answer your questions 1 and 3: how to use the acquireTokenSilently method.
You can implement something like this:
    import com.auth0.jwt.JWT;
    import com.auth0.jwt.interfaces.DecodedJWT;
    import com.microsoft.aad.msal4j.DeviceCode;
    import com.microsoft.aad.msal4j.DeviceCodeFlowParameters;
    import com.microsoft.aad.msal4j.IAccount;
    import com.microsoft.aad.msal4j.IAuthenticationResult;
    import com.microsoft.aad.msal4j.PublicClientApplication;
    import com.microsoft.aad.msal4j.SilentParameters;
    import java.util.Collections;
    import java.util.Set;
    import java.util.function.Consumer;

    PublicClientApplication pca = PublicClientApplication.builder(YOUR_CLIENT_ID)
            .authority(YOUR_AUTHORITY)
            .build();

    // Show the user the verification URL and code (the lambda body was missing in the post)
    Consumer<DeviceCode> deviceCodeConsumer = (DeviceCode deviceCode) ->
            System.out.println(deviceCode.message());

    // get token for graph
    DeviceCodeFlowParameters parameters =
        DeviceCodeFlowParameters
            .builder(Collections.singleton("User.Read"), deviceCodeConsumer)
            .build();
    IAuthenticationResult result = pca.acquireToken(parameters).join();
    DecodedJWT jwt = JWT.decode(result.accessToken());
    System.out.println(jwt.getAudience().get(0));

    // refresh token: the account MSAL cached during the device code flow
    Set<IAccount> accountsInCache = pca.getAccounts().join();
    IAccount account = accountsInCache.iterator().next();

    // get token for your own api
    SilentParameters silentParameters =
        SilentParameters
            .builder(Collections.singleton("YOUR_SCOPE"), account)
            .build();
    result = pca.acquireTokenSilently(silentParameters).join();
    jwt = JWT.decode(result.accessToken());
MSAL mentions that tokens are stored in a cache. Where is this cache?
MSAL provides a token cache feature. It caches a token after acquiring it, so we can then try to refresh the token silently from the cache with the method above. Please see the following reference links for more details:
Reference links:
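The answer above uses a public client with the device code flow; the question is about a confidential client that already holds refresh tokens issued through ADAL. For that migration MSAL4J exposes RefreshTokenParameters, which lets the application redeem an externally stored refresh token once and hand the result to MSAL's cache, after which every later call goes through acquireTokenSilently. The following is an added example (not code from the question, the answer, or MSAL's own samples). The class name AdalRefreshTokenMigration, the scope https://graph.microsoft.com/.default and the persistentCache parameter (any ITokenCacheAccessAspect implementation that writes the serialized cache somewhere durable) are assumptions of the example; RefreshTokenParameters.builder(scopes, refreshToken), setTokenCacheAccessAspect, getAccounts() and SilentParameters.builder(scopes, account) are real MSAL4J API.

```java
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.ITokenCacheAccessAspect;
import com.microsoft.aad.msal4j.RefreshTokenParameters;
import com.microsoft.aad.msal4j.SilentParameters;
import java.util.Collections;
import java.util.Map;
import java.util.Set;

/** Added example (not from the question or answer): seeding MSAL's cache from ADAL-issued refresh tokens. */
public class AdalRefreshTokenMigration {

    // Assumed scope. ADAL requested a resource; the v2 equivalent is resource + "/.default".
    static final Set<String> SCOPES = Collections.singleton("https://graph.microsoft.com/.default");

    static ConfidentialClientApplication buildApp(String clientId, String clientSecret, String tenant,
                                                  ITokenCacheAccessAspect persistentCache) throws Exception {
        return ConfidentialClientApplication.builder(clientId,
                        ClientCredentialFactory.createFromSecret(clientSecret))
                .authority("https://login.microsoftonline.com/" + tenant + "/")
                // Without an aspect the cache is in-memory only and is lost with the process.
                .setTokenCacheAccessAspect(persistentCache)
                .build();
    }

    /**
     * One-time step per user: redeem the refresh token that ADAL stored. MSAL writes the new
     * access token, the new refresh token and the account into its own cache and returns the
     * home account id, which is the only identifier the application needs to keep afterwards.
     */
    static String importAdalRefreshToken(ConfidentialClientApplication app, String adalRefreshToken) {
        IAuthenticationResult result = app.acquireToken(
                RefreshTokenParameters.builder(SCOPES, adalRefreshToken).build()).join();
        // The token service issues a replacement refresh token on redemption; the ADAL copy
        // should be deleted from the old store so it is not reused or leaked later.
        return result.account().homeAccountId();
    }

    /** Every later call: resolve the cached account and let MSAL refresh when the access token is stale. */
    static IAuthenticationResult tokenFor(ConfidentialClientApplication app, String homeAccountId) {
        for (IAccount account : app.getAccounts().join()) {
            if (account.homeAccountId().equals(homeAccountId)) {
                return app.acquireTokenSilently(SilentParameters.builder(SCOPES, account).build()).join();
            }
        }
        throw new IllegalStateException("no cached account for " + homeAccountId
                + ": import the ADAL refresh token or rerun the authorization code flow");
    }

    /** Migrates a batch of users; the returned map (user key -> homeAccountId) replaces the old token table. */
    static Map<String, String> migrateAll(ConfidentialClientApplication app,
                                          Map<String, String> adalRefreshTokensByUser) {
        Map<String, String> accountIdsByUser = new java.util.HashMap<>();
        for (Map.Entry<String, String> entry : adalRefreshTokensByUser.entrySet()) {
            try {
                accountIdsByUser.put(entry.getKey(), importAdalRefreshToken(app, entry.getValue()));
            } catch (RuntimeException e) {
                // Expired or revoked ADAL token: this user has to sign in interactively once.
                System.err.println("migration failed for " + entry.getKey() + ": " + e.getMessage());
            }
        }
        return accountIdsByUser;
    }
}
```

Run the import once per user while both stores exist, then drop the ADAL refresh-token column: the MSAL cache (persisted through the aspect) becomes the only place refresh tokens live, and the application code never reads them. Users whose old refresh token no longer works are not silently carried over; they fall through to the interactive authorization code flow the question already implements.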