-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No way to Initialize the AuthorizationCodeProvider using a valid RefreshToken #698
Comments
Hey @heyalistair , |
@baywet Thanks ok, that sounds exactly what I need to do in my case. Will take a closer look at azure identity repo. Congrats on the major release. |
thank you very much for the original feedback, the patience and the kind words! Let us know if you find anything with v3. Closing. |
Ok just a little update as I've been playing around with v3.0.0 and doing a deep dive on Azure/azure-sdk-for-java and in turn AzureAD/microsoft-authentication-library-for-java. In the latter, I do see examples showing how I can make the credentials persist across instances of my application, so I would be able to code up a custom implementation there. Once I finish that, I believe it's possible to build a custom Ultimately, it seems like this is an area of active work and that there are some related features for this stuff in the pipeline here: Azure/azure-sdk-for-java#19734 I don't think I have the time to implement all of this, so I think I will just change my requirements and do it another way. I would have thought my use case, authenticating using a refresh token, was very common. This would help me maintain offline access and access between different instances of my applications. It seems strange to me that there is no easy way to do this. For the record, Google provides a good solution of this in their OAuth2 implementation, with their DataStore and DataStoreFactory |
Thanks a lot for sharing this additional information with others. The MSAL team is also working with the Azure identity one to make sure factories are exposed so customers can make use of Azure Identity and highly customize MSAL, which is a difficult point today. And yes, both Azure identity and MSAL for java are pretty much work in progress on a number of features. But feedback like yours helps prioritize work so don't hesitate to leave a comment in those repos. They also do accept pull requests :) Lastly, one of the reasons why initiating the context from a refresh token hasn't been possible historically is because a compromised refresh token is much worse than a compromised access token. Customers have to make sure those refresh tokens are safely stored, etc. Instead of providing those capabilities from day one, which would be like handing customers a gun to shoot themselves in the foot, the strategy has been to make sure libraries support the scenario of safely storing the refresh token and getting an access token automatically for customers, encapsulating away some of the complexity. I hope this shine lights on "how we got to this current situation" :) |
An updated of that document would be great! I'll keep an eye out for it. And thanks for the additional infomation! Yes, good point about the refresh tokens, you really cannot be too careful with them. |
I'm opening an issue from the now-archived msgraph-sdk-java-auth repo here, as I can't comment on it.
The version of msgraph-sdk-java 3.0.0. Is this resolved in this release?
AB#8614
The text was updated successfully, but these errors were encountered: