
Following this sample: https://github.com/Azure-Samples/ms-identity-java-spring-tutorial/tree/main/1-Authentication/sign-in

To extract token details, we need to use AuthenticationPrincipal and OidcUser object in a request mapping. See the Sample Controller for an example of this app making use of ID Token claims.

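import java.util.Map;

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.GetMapping;
//...
@GetMapping(path = "/some_path")
public String tokenDetails(@AuthenticationPrincipal OidcUser principal) {
    // Claims of the signed-in user's ID token, keyed by claim name
    Map<String, Object> claims = principal.getIdToken().getClaims();
    return "token_details"; // placeholder view name, not taken from the sample
}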

In the sample, there's a button "Id Token Details" that calls "/some_path".

How to do this without calling a button? Is there a way to do this under the covers?

Any help would be greatly appreciated.

cpatricio
  • I don't know why there is a button, or how to do this in Spring Framework, but once you have obtained an Authorization Token (server-side) in OAuth or OpenID Connect, you can use that token to interact with resources. One of those resources is the Userinfo Endpoint, which will return information about the user. Maybe this info will help you figure this out in the context of Spring. – Codebling Jan 19 '22 at 22:53
  • I think you should try using 'Postman' for authentication automated testing as it is a great API platform. – Kartik Bhiwapurkar Jan 20 '22 at 13:33

1 Answer

I tried to follow the GitHub documentation link mentioned in your question and successfully created the application, as the screenshots below display:

Application.yml file:

[Screenshot: Springboot app-application.yml]

Application build execution:

[Screenshot: Application code in VS]

Application execution opening in browser:

[Screenshots: App opening in browser; App Azure AD Login page; App after logging in to Azure AD]

Thus, as you can see, it executes and runs the Spring Boot Java application successfully. But if you do not want the ‘ID Token Details’ button to be there and, in its place, want the ID token details to be shown directly, you would want to change the ‘href’ button class using the probable HTML classes and script extensions below, so that the redirection after logging in to the application directly displays the ‘https://jwt.ms’ page, which will capture the token and decode it accordingly, showing the claims held by the token. Kindly refer to the link below for more detailed information:

How to create an HTML button that acts like a link

    <form action="https://google.com">
        <input type="submit" value="Go to Google" />
    </form>

The above modifications in the ‘.html’ pages of the application should display the required token details to you without the button class in the HTML pages.

Kartik Bhiwapurkar
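An added example, not part of the question, the answer, or the Azure sample: one way to read the ID token claims "under the covers" is a server-side listener for Spring Security's InteractiveAuthenticationSuccessEvent, which fires when sign-in completes, so no button or request mapping is involved. It assumes the app uses the standard Spring Security OIDC login filter chain; the class name IdTokenClaimsListener and the choice of logged claims are hypothetical.

```java
import java.util.Map;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Component;

// Hypothetical class name; not part of the Azure sample.
@Component
public class IdTokenClaimsListener {

    private static final Logger log = LoggerFactory.getLogger(IdTokenClaimsListener.class);

    // Published by Spring Security once an interactive login (including the
    // OIDC redirect flow) has completed, so no controller or button is needed.
    @EventListener
    public void onLogin(InteractiveAuthenticationSuccessEvent event) {
        Authentication auth = event.getAuthentication();
        if (!(auth.getPrincipal() instanceof OidcUser)) {
            return; // not an OIDC login (e.g. form login); nothing to read
        }
        OidcUser principal = (OidcUser) auth.getPrincipal();

        // Same call as in the question's controller: claims of the validated ID token.
        Map<String, Object> claims = principal.getIdToken().getClaims();

        // Log selected claims only. The raw token (getIdToken().getTokenValue())
        // is a credential and is deliberately kept out of the logs.
        log.info("OIDC sign-in: sub={}, iss={}, name={}",
                principal.getSubject(), principal.getIssuer(), claims.get("name"));
    }
}
```

The claims stay inside the application here; nothing is sent to the browser or to a third-party page.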