2

I am using the azure-identity library to authenticate users for accessing the Microsoft Graph API in my Spring Boot web application.

After successfully getting the code via the auth code grant redirect, I want to store the access token and refresh token in the web application session so that the user does not have to re-authenticate for multiple requests to the Microsoft Graph API.

How can I get hold of the tokens for storing them in the session?

Thomas Einwaller

2 Answers

2

The Authorization Code is a single-user code used to obtain an actual Access Token. You'll need to redeem that code for an access_token as described in Microsoft identity platform and OAuth 2.0 authorization code flow.

The response body that contains the access_token will also include a refresh_token value:

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
    "token_type": "Bearer",
    "expires_in": 3599,
    "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
    "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
    "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD..."
}

Marc LaFleur
0

The way to do this was to create a class that implements OAuth2AuthorizedClientService that stores and loads the OAuth credentials in the database.

Thomas Einwaller
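
The approach described in this answer, as an added example that is not the answerer's own code: a hypothetical `EncryptedAuthorizedClientService` that encrypts access and refresh token values before they are stored. The class name, the in-memory map standing in for the database table, and the injected `TextEncryptor` are assumptions; the record syntax needs Java 16 or later.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;

// Hypothetical class (not from the original post). The Map stands in for a database table.
public class EncryptedAuthorizedClientService implements OAuth2AuthorizedClientService {
    // One stored row; the token columns hold ciphertext only.
    private record Row(String access, Instant issuedAt, Instant expiresAt, Set<String> scopes, String refresh) {}
    private final Map<String, Row> table = new ConcurrentHashMap<>();
    private final ClientRegistrationRepository registrations;
    private final TextEncryptor encryptor;

    public EncryptedAuthorizedClientService(ClientRegistrationRepository registrations, TextEncryptor encryptor) {
        this.registrations = registrations;
        this.encryptor = encryptor;
    }
    @Override
    public void saveAuthorizedClient(OAuth2AuthorizedClient client, Authentication principal) {
        OAuth2AccessToken at = client.getAccessToken();
        OAuth2RefreshToken rt = client.getRefreshToken(); // null when no refresh token was issued
        String key = client.getClientRegistration().getRegistrationId() + "|" + principal.getName();
        table.put(key, new Row(encryptor.encrypt(at.getTokenValue()), at.getIssuedAt(), at.getExpiresAt(),
            at.getScopes(), rt == null ? null : encryptor.encrypt(rt.getTokenValue())));
    }
    @Override @SuppressWarnings("unchecked")
    public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String registrationId, String principalName) {
        Row row = table.get(registrationId + "|" + principalName);
        ClientRegistration reg = registrations.findByRegistrationId(registrationId);
        if (row == null || reg == null) return null; // nothing stored, or registration no longer configured
        OAuth2AccessToken at = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
            encryptor.decrypt(row.access()), row.issuedAt(), row.expiresAt(), row.scopes());
        OAuth2RefreshToken rt = row.refresh() == null ? null
            : new OAuth2RefreshToken(encryptor.decrypt(row.refresh()), null);
        return (T) new OAuth2AuthorizedClient(reg, principalName, at, rt);
    }
    @Override
    public void removeAuthorizedClient(String registrationId, String principalName) {
        table.remove(registrationId + "|" + principalName); // call on logout or consent revocation
    }
}
```

Spring Security also ships `JdbcOAuth2AuthorizedClientService`, which persists the same fields to a JDBC table without a custom class.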