[BUG] On behalf of flow. requested_token_use parameter missing after upgrading to version 4.3 #30359

Closed
eoskd opened this issue Aug 9, 2022 · 5 comments · Fixed by #30398
Labels
azure-spring All azure-spring related issues azure-spring-aad Spring active directory related issues. Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@eoskd

eoskd commented Aug 9, 2022

Describe the bug
After upgrading from 4.2 to 4.3, the on-behalf-of flow with spring-cloud-azure-starter-active-directory is not working.

Exception or Stack Trace
org.springframework.security.oauth2.client.ClientAuthorizationException: [invalid_request] AADSTS900144: The request body must contain the following parameter: 'requested_token_use'

To Reproduce
Upgrade spring-cloud-azure-starter-active-directory from 4.2 to 4.3

Code Snippet

spring:
  profiles:
    active: local
  cloud:
    azure:
      active-directory:
        enabled: true
        profile:
          tenant-id: cxxx
        credential:
          client-id: fxxx
          client-secret: <Legg til secret her>
        authorization-clients:
          myclient:
            authorization-grant-type: on_behalf_of
            scopes:
              - 6xxx/.default

Expected behavior
Receive correct token

Screenshots

Setup (please complete the following information):

  • OS: [e.g. iOS]
  • IDE: [e.g. IntelliJ]
  • Library/Libraries: com.azure.spring:spring-cloud-azure-starter-active-directory:4.3.0
  • Java version: 17
  • App Server/Environment: Tomcat
  • Frameworks: Spring Boot
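
The AADSTS900144 error above refers to the form body of the on-behalf-of token request sent to the token endpoint. As an added example (not code from this issue or from the Azure SDK), the Java check below parses a captured request body and lists the OBO parameters that are missing or carry an unexpected value; the class name, the sample body and its placeholder values are assumptions, and client credential parameters are not checked because the secret and certificate variants differ.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class OboRequestCheck {
    // Parameters the Microsoft identity platform expects in an OBO token request.
    // A null second element means "any non-empty value".
    static final String[][] EXPECTED = {
        {"grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"},
        {"requested_token_use", "on_behalf_of"},
        {"client_id", null}, {"assertion", null}, {"scope", null}
    };

    // Decode an application/x-www-form-urlencoded body into name/value pairs.
    static Map<String, String> parseForm(String body) {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(key, StandardCharsets.UTF_8),
                       URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return params;
    }

    // Report names only, never values: assertion and client_secret are credentials.
    static List<String> problems(String body) {
        Map<String, String> params = parseForm(body);
        List<String> out = new ArrayList<>();
        for (String[] e : EXPECTED) {
            String actual = params.get(e[0]);
            if (actual == null || actual.isEmpty()) out.add("missing: " + e[0]);
            else if (e[1] != null && !e[1].equals(actual)) out.add("unexpected value: " + e[0]);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample body with placeholder values and no requested_token_use,
        // the condition the error message reports.
        String body = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer"
                + "&client_id=fxxx&assertion=PLACEHOLDER.JWT.VALUE&scope=6xxx%2F.default";
        System.out.println(problems(body));
    }
}
```
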
@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Aug 9, 2022
@joshfree joshfree added Client This issue points to a problem in the data-plane of the library. azure-spring All azure-spring related issues labels Aug 9, 2022
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Aug 9, 2022
@joshfree joshfree added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. azure-spring-aad Spring active directory related issues. labels Aug 9, 2022
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Aug 9, 2022
@joshfree
Member

joshfree commented Aug 9, 2022

Hi @eoskd thanks for reaching out to us via this GitHub issue. @yiliuTo from the Azure Spring team will follow up with you shortly.

@yiliuTo
Member

yiliuTo commented Aug 10, 2022

@chenrujun could you help to take a look?

@yiliuTo yiliuTo assigned chenrujun and unassigned yiliuTo Aug 10, 2022
@yiliuTo yiliuTo moved this to Todo in Spring Cloud Azure Aug 10, 2022
@yiliuTo yiliuTo added this to the 2022-09 milestone Aug 10, 2022
@moarychan moarychan assigned moarychan and unassigned chenrujun Aug 10, 2022
@moarychan
Member

Hi @eoskd, sorry for the disruption; I will fix this issue soon.

Here is a temporary solution for your reference:
Add extra configuration to enable the bean OAuth2ClientAuthenticationJwkResolver. You will not actually use the private_key_jwt client authentication method, and the OBO process will then work fine.

spring:
  profiles:
    active: local
  cloud:
    azure:
      active-directory:
        enabled: true
        profile:
          tenant-id: cxxx
        credential:
          client-id: fxxx
          client-secret: <Legg til secret her>
          client-certificate-path: <put-the-dummy-certificate-file-path-with-pfx-or-p12-extension, such as, C:/test.txt.p12>
          client-certificate-password: <put-the-dummy-password>
        authorization-clients:
          myclient:
            authorization-grant-type: on_behalf_of
            scopes:
              - 6xxx/.default

@moarychan moarychan moved this from Todo to Pending Review in Spring Cloud Azure Aug 11, 2022
@moarychan moarychan moved this from Pending Review to In Progress in Spring Cloud Azure Aug 11, 2022
Repository owner moved this from In Progress to Done in Spring Cloud Azure Aug 15, 2022
@smehdux

smehdux commented Sep 21, 2022

Hi,
I have the same problem and have been forced to downgrade to version 4.2 of the Spring Boot Azure starter!
I hope it will be fixed in 4.4.

@chenrujun

@smehdux

Thank you for your check.
This problem was originally targeted to be fixed in 4.4.
Please refer to the changelog: https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/spring/CHANGELOG.md

And 4.4.0 is planned to be fixed at the end of this month.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023