0

I want to login to my application with the use of https://login.microsoftonline.com/{tenant}/oauth2/token endpoint. I'm filling parameters(client_id, client_secret, resource and grant_type:client_credentials) in post request and getting access token. When I use it to login my API spring boot gives me error:

com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS50058: A silent sign-in request was sent but no user is signed in.

What should I do to get valid bearer token with only post request ? Or is there any azure configuration I am missing to ?

Improve this question
2
  • Can you add more details to your question? What version of Spring Boot are you using? How did you configure Spring Security?
    – Wim Deblauwe
    Commented Dec 2, 2019 at 16:14
  • @WimDeblauwe Right now I'm using azure-active-directory-spring-boot-starter 2.2.0.M1. AADAuthenticationFilter filter added. It is working with microsoft's pop-up but I need to get bearer without any GET request. I want to do it with POST request.
    – Hasan Alp Zengin
    Commented Dec 3, 2019 at 6:54

1 Answer 1

Reset to default
1

What you describe as 'login' is not a user login but an application request for an access token. The application can then use this token to call some other API, e.g. MS Graph. It is intended for use by applications where either there is no user involved at all (e.g. a daemon service) or the application wants to call an APIs without reference to the currently logged in user. If, what you want to do is to have a user signin to your application, you will need to use the OpenIDConnect Authorization Code Grant flow. Use MSAL4J.

Improve this answer
2
  • All I want to do is getting access to my own spring-boot api all non-interactively. I don't want to get and pop-up or redirection. Can you give me some more information on this ?
    – Hasan Alp Zengin
    Commented Dec 3, 2019 at 8:41
  • You cannot do it without redirection unless you use the OAuth2 Resource Owner flow, which you shouldn't except in some edge cases. Its insecure, does not support MFA or SSO properly. All modern user-facing apps have to use redirection and separate popup UI to authn users.
    – Marc
    Commented Dec 3, 2019 at 18:08

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.