I would like to authenticate with MSAL4J and the certificate stored in Azure Key Vault (AKV). The certificate is a self-signed Azure Key Vault certificate.
I could find an example based on a certificate and key stored locally (file system) but not a certificate created and stored in AKV. How to use the certificate, key, and secret objects obtained from azure-security-keyvault-* with MSAL4J?
azure-security-keyvault-keys is com.azure.security.keyvault.keys.models.KeyVaultKey, but MSAL4J expects java.security.PrivateKey.
azure-security-keyvault-secrets to decrypt the private key?
Are you sure it is supported? As far as I know, certificate-based authentication is not supported. MSAL uses either public clients or confidential clients.
However, I did find this on their wiki: https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Client-Credentials
There are two types of client secrets in MSAL4J:
You need to instantiate a confidential client application; if you have a certificate:
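import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IClientCredential;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

String PUBLIC_CLIENT_ID;     // application (client) ID of the app registration
String AUTHORITY;            // authority URL for the tenant
PrivateKey PRIVATE_KEY;      // private key matching the certificate
X509Certificate PUBLIC_KEY;  // the certificate itself (public part)
// Wrap the key pair in a client credential and build the confidential client.
IClientCredential credential = ClientCredentialFactory.createFromCertificate(PRIVATE_KEY, PUBLIC_KEY);
ConfidentialClientApplication app =
    ConfidentialClientApplication
        .builder(PUBLIC_CLIENT_ID, credential)
        .authority(AUTHORITY)
        .build();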
Then acquire a token: https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Acquiring-Tokens#confidential-client-applications
https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/src/client/ConfidentialClientApplication.ts
You would need to use: acquireTokenByClientCredential
https://azuread.github.io/microsoft-authentication-library-for-js/ref/classes/_azure_msal_node.confidentialclientapplication.html#acquiretokenbyclientcredential
Also see: