Issue requesting for a new token using refresh token #43

@smitha0202

Hi,

I am using a springoauth2client library-based BFF application for authenticating my Angular app using Azure AD.
I have registered my application as a web App in Azure with a custom scope and the login works fine. When I add offline_access to the scope, I am also able to get the refresh token.
But the problem is that when the access token expires and the spring oauth2 client tries to use the refresh token to fetch a new Auth token, the request fails with the following error:

[2023-09-27 16:09:51.080][sessionId][DEBUG ][org.springframework.web.client.RestTemplate.debug:127] - HTTP POST https://login.microsoftonline.com/XXXXX/oauth2/v2.0/token
[2023-09-27 16:09:51.080][sessionId][DEBUG ][org.springframework.web.client.RestTemplate.debug:127] - Accept=[application/json, application/*+json]
[2023-09-27 16:09:51.080][sessionId][DEBUG ][org.springframework.web.client.RestTemplate.debug:127] - Writing [{grant_type=[refresh_token], refresh_token=[0.AQcAg6oJq3Rv5LljkljljljRRRRRRRqvwndcQHSI]}] as "application/x-www-form-urlencoded;charset=UTF-8"
[2023-09-27 16:09:51.080][sessionId][DEBUG ][org.springframework.web.client.RestTemplate.debug:127] - Response 400 BAD_REQUEST [invalid_request] AADSTS90009: Application 'XXX'(XXXX) is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier.

Please let me know what needs to be changed. I am assuming I am missing something during App Registration, since this is a federated client and I am not facing any such issue with other Identity Providers.
