microsoftgraph
GraphServiceClient does not use authentication provider
Describe the bug
Describe the bug Copying this bug from here as it seems to be an graph sdk issue:
I am using the following code to instantiate a GraphServiceClient. As I require to configure a http proxy I followed this example, see alternative 1 in code. Doing so the client will not aquire a token from the AuthenticationProvider and fails to connect, see Exception or Stack Trace.
Enforcing an Authorization header in the http client will fix the problem, see alternative 2.
Exception or Stack Trace Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getGraphClient' defined in class path resource [xxxxxxxxxxxxxxxxx.class]: Failed to instantiate [com.microsoft.graph.serviceclient.GraphServiceClient]: Factory method 'getGraphClient' threw exception with message: Access token is empty.
To Reproduce n.a.
Code Snippet
assert (tenantId != null) : "Env var AZURE_TENANT_ID has not been provided.";
assert (clientId != null) : "Env var AZURE_CLIENT_ID has not been provided.";
assert (clientSecret != null) : "Env var AZURE_CLIENT_SECRET has not been provided.";
assert (proxyHost != null) : "Env var PROXY_HOST has not been provided";
assert (proxyPort != null) : "Env var PROXY_PORT has not been provided";
logger.debug("tenant {}", tenantId);
logger.debug("clientId {}", clientId);
logger.debug("proxyHost {}", proxyHost);
logger.debug("proxyPort {}", proxyPort);
int proxyPortInt=0;
try {
proxyPortInt = Integer.parseInt(proxyPort);
} catch (NumberFormatException e) {
assert (false) : "Proxy port is not a valid integer";
}
// Example code taken from https://docs.microsoft.com/en-us/graph/sdks/customize-client?tabs=java#configuring-the-http-proxy-for-the-client
InetSocketAddress address = new InetSocketAddress(proxyHost, proxyPortInt);
ProxyOptions options = new ProxyOptions(ProxyOptions.Type.HTTP, address);
HttpClient authClient = new NettyAsyncHttpClientBuilder().proxy(options)
.build();
ClientSecretCredential credential = new ClientSecretCredentialBuilder()
.clientId(clientId)
.tenantId(tenantId)
.clientSecret(clientSecret)
.httpClient(authClient)
.build();
String[] scopes = new String[]{"User.Read.All", "GroupMember.Read.All"};
AzureIdentityAuthenticationProvider authProvider =
new AzureIdentityAuthenticationProvider(credential, List.of("login.microsoftonline.com").toArray(new String[0]), scopes);
Proxy proxy = new Proxy(Proxy.Type.HTTP, address);
// Alternative 2: It works with this code uncommented
//
// OkHttpClient httpClient = GraphClientFactory.create().addInterceptor(chain -> {
// Request originalRequest = chain.request();
//
// // Get the access token
// String accessToken = Objects.requireNonNull(credential.getToken(
// new TokenRequestContext()
// .addScopes("https://graph.microsoft.com/.default"))
// .block())
// .getToken();
//
// // Add Authorization header
// Request authenticatedRequest = originalRequest.newBuilder()
// .header("Authorization", "Bearer " + accessToken)
// .build();
//
// return chain.proceed(authenticatedRequest);
// }).proxy(proxy).build();
// Alternative 2 end
// Alternative 1: It should work with this code (comment if uncommenting block above!
OkHttpClient httpClient = GraphClientFactory.create().proxy(proxy).build();
// Alternative 1 end
GraphServiceClient graphClient = new GraphServiceClient(authProvider, httpClient);
GroupCollectionResponse res = graphClient.groups().get();
Expected behavior Alternative 1 should work
Screenshots n.a.
Setup (please complete the following information):
-
OS: ubuntu
-
IDE: Intellij
// Include the sdk as a dependency implementation 'com.microsoft.graph:microsoft-graph:6.+' implementation 'com.azure:azure-identity:1.+'
implementation 'org.springframework.boot:spring-boot-starter-web:3.4.4' providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat:3.4.4' testImplementation 'org.springframework.boot:spring-boot-starter-test:3.4.4'
-
Java version: 21
-
App Server/Environment: Spring boot local execution
-
Frameworks: Spring boot
Additional context n.a.
Information Checklist Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report
- [/] Bug Description Added
- [/] Repro Steps Added
- [/] Setup information Added
Expected behavior
Alternative 1 should work
How to reproduce
See code snippet
SDK Version
microsoft-graph:6:34:0 microsoft-graph-core:3:6:1
Latest version known to work for scenario above?
No response
Known Workarounds
See code alternative 2
Debug output
Click to expand log
```Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getGraphClient' defined in class path resource [xxxxxxxxxxxxxxxxx.class]: Failed to instantiate [com.microsoft.graph.serviceclient.GraphServiceClient]: Factory method 'getGraphClient' threw exception with message: Access token is empty.
</details>
### Configuration
Ubuntu 22.04
x86
### Other information
_No response_
I think this is a documentation issue. The OkHttpClient factory for the proxied client also needs the authentication provider to authenticate requests, hence the "AccessToken is empty" message.
// The scope should be the `.default` scope as indicated in the documentation
String[] scopes = new String[]{".default"};
// You should add the `graph.microsoft.com` host to the allowed hosts
AzureIdentityAuthenticationProvider authProvider = new AzureIdentityAuthenticationProvider(
credential,
List.of("graph.microsoft.com", "login.microsoftonline.com").toArray(new String[0]),
scopes,
);
// authProvider passed into the `create` method
OkHttpClient httpClient = GraphClientFactory.create(authProvider).proxy(proxy).build();
@tPl0ch You are absolutely right: Passing the authProvider into the create() function did the trick. Thanks.
Whoever is triaging this: Could you please update the documentation?