使用Azure Active Directory作为Spring-boot REST服务的OAUTH2身份验证服务

Question

I'm trying to implement a spring-boot based REST service that should use Azure AD as an OAuth2 server for client authentication.

I registered two applicatons:

1. Mobile native app that is using as a client for my service
2. Rest-service as a backend.

All requests to the backend app should be authenticated through Azure AD with using OAuth2 flow.

As an implementation of mobile app I'm using curl:

For obtaining a Bearer token I use https://login.microsoftonline.com/TENANT_ID/oauth2/token

curl -s -X POST https://login.microsoftonline.com/<TENANT_ID>/oauth2/token -d grant_type=password -d username=$USER_NAME -d password=$PASSWORD -d resource=$RESOURCE_ID -d client_id=$CLIENT_ID

where $USER_NAME and $PASSWORD are credetials of an Azure AD user, $RESOURCE_ID is a SID of my REST service and $CLIENT_ID is a SID of my mobile client for the REST serice.

Azure successfully returns JSON with token data.

My Oauth2 Config for Backend app:

@Configuration
@EnableResourceServer
public class OAuth2Config extends ResourceServerConfigurerAdapter {
 @Bean
    ResourceServerTokenServices resourceTokenServices() {
        RemoteTokenServices tokenServices = new RemoteTokenServices();
        tokenServices.setClientId(resourceId);
        tokenServices.setClientSecret(/*I do not have it*/resourcePassword);
        tokenServices.setCheckTokenEndpointUrl(/*I do not have it*/checkToken);
        return tokenServices;
    }

@Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenServices(resourceTokenServices());
        resources.resourceId("rest_api");
    }

@Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/**").authenticated();
    }
}

My REST controller:

@RestController
@RequestMapping("/data")
public class CustomerRestController {

    @RequestMapping(method = RequestMethod.GET)
    public SomeData getMyData(Principal principal){
        System.out.println("RESOURCE WAS REQUESTED BY " + principal.getName());
        return new SomeData(principal.getName());
    }
}

But I didn't find in the endpoint list any URL that can be used by my REST service for checking a bearer token and obtaining user data from Azure AD. Also, as I understand, it should be present some kind of credentials for my REST service for using Azure AD

How can I find required values or I'm going by a wrong way?

Answer 1

Finally I've got an answer.

Azure AD uses JWT tokens for authorization, so I have to implement work with this type of tokens instead of checking a token on the server.