Add ROPC flow support to confidential client

Azure AD supports ROPC for confidential clients, and thus MSAL4J should support it as well. Even if this flow requires high trust, there’re valid use cases like automation.

To illustrate what I mean, here’s a simple implementation that extends ConfidentialClientApplication.

Issue Analytics

  • State: open
  • Created 3 years ago
  • Comments: 12 (5 by maintainers)

Top GitHub Comments

1 reaction
aszego commented, Jul 7, 2020

@sangonzal The client credentials flow does not work for us.

In particular, in our automation scenario we are using Exchange Web Services to access Exchange Online. IdP is Azure AD of course. However, EXO does not allow placing constraints on mailbox access for application principals. On the other hand, when delegating permissions of a service account instead, it’s possible to constrain access to a set of mailboxes. This should affect many large organizations migrating to Microsoft 365.

@charleshcl That’s exactly my point as well.

1 reaction
charleshcl commented, Jul 7, 2020

According to this article, the client credentials flow should support ROPC, as we could see both client secret and username/password are passed to IdP. Just wonder if the Library could support this flow?
