Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Samples use very old Spring APIs making them useless in modern applications #25

Open
vgarmash opened this issue Sep 8, 2021 · 1 comment
Assignees
Labels
enhancement New feature or request

Comments

@vgarmash
Copy link

vgarmash commented Sep 8, 2021

Hello.

I am glad I was able to find your repositories as I am struggling to make WebAPI OBO scenario to work with latest versions of Spring and Spring security. Although I was disappointed to see that you still using Spring Boot 2.1.7.RELEASE and Spring Security Oauth2 2.3.6.RELEASE. You can see that "The Spring Security OAuth project is deprecated. The latest OAuth 2.0 support is provided by Spring Security. ": https://projects.spring.io/spring-security-oauth/docs/Home.html. Current Active Directory documentation also contains deprecated samples for Java for OBO scenarios: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-api-call-api-app-configuration?tabs=java

I think it is still useful to have at least these samples for those projects who stuck with old Spring and can't upgrade. Although please consider writing new version using latest versions за Spring Boot and Spring Security available at Spring Initalizr https://start.spring.io/.

One of the new concepts for Web API you can implement is Resource Server where web API exists without any UI therefore there is no standard services to obtain token. In most cases the access token comes from the front-end layer and web api just revalidates it. Once it is done the next step would be to call Microsoft Graph API to get various data from the organization account, for example: get list of files in the Sharepoint folder or on OneDrive, get list of email messages, send notification, schedule a meeting in Calendar, view list of existing events in Calendar. I agree with other comments: do not use low-level HTTP to implement the client but use built-in com.azure.resourcemanager.authorization.fluent.MicrosoftGraphClient or com.microsoft.graph.requests.GraphServiceClient.

@Avery-Dunn
Copy link
Contributor

Hello @vgarmash : Thanks for bringing this to our attention, I agree that the Spring dependencies in this sample (and some others) is outdated and should be updated to use newer versions and features. We don't have a timeline yet for this upgrade, but I'll update this thread once we get a plan for it sorted out.

@Avery-Dunn Avery-Dunn self-assigned this Sep 9, 2021
@Avery-Dunn Avery-Dunn added the enhancement New feature or request label Sep 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants