I have a Scala REST service on Finatra and would like to authenticate users accessing my REST service using Azure Active Directory.
Currently, I can do a curl to get the access token:
curl -s -X POST "https://login.microsoftonline.com/<tenant-id>/oauth2/token" -d grant_type=password -d username=$username -d password=$pass -d resource=$resID -d client_id=$id -d client_secret=$key
But it requires the user to pass his password as a parameter which is a security concern.
Is there a way to authenticate the user using Azure AD with taking in the password (I am pretty sure this is not possible) or asking him to sign in?
It is not recommended to use your user and password to log in to your Azure account. You had better create a service principal to sign in to your Azure account. Please refer to this link: Use portal to create an Azure Active Directory application and service principal that can access resources.
Also, you could use Azure CLI 2.0 to create this.
az ad sp create-for-rbac --name {appId} --password "{strong password}"
Example:
az ad sp create-for-rbac --name shuiexample --password 'Password012!!'
You could get a result like below:
{
  "appId": "bca24913-026d-4020-b9f1-add600bf9045",
  "displayName": "shuiexample1234",
  "name": "http://shuiexample1234",
  "password": "*******",
  "tenant": "*******"
}
Sign in using the service principal.
APPID="bca24913-026d-4020-b9f1-add600bf9045"
PASSWORD="******"
TENANTID="*******"
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=$APPID&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=$PASSWORD&grant_type=client_credentials" "https://login.microsoftonline.com/$TENANTID/oauth2/token"
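
The same client-credentials request with the secret kept off the command line, where it can otherwise be read from the process list and shell history. This is an added example, not part of the original answer; the environment variable names `AAD_TENANT_ID`, `AAD_CLIENT_ID` and `AAD_CLIENT_SECRET` are assumptions.

```shell
# Added example. AAD_TENANT_ID, AAD_CLIENT_ID and AAD_CLIENT_SECRET are
# assumed environment variable names, set outside the script (for example
# by a secret store), so the secret is never typed on a command line.

# Percent-encode every byte outside the RFC 3986 unreserved set.
urlencode() {
    for hex in $(printf '%s' "$1" | od -An -v -tx1); do
        case "$hex" in
            2d|2e|5f|7e|3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a])
                # Unreserved byte (- . _ ~ 0-9 A-Z a-z): emit it unchanged.
                printf "\\$(printf '%03o' "0x$hex")" ;;
            *)
                printf '%%%02X' "0x$hex" ;;
        esac
    done
}

# Build the same form fields as the curl command above, with each
# value encoded so characters such as & = + cannot alter the body.
token_request_body() {
    printf 'client_id=%s&scope=%s&client_secret=%s&grant_type=client_credentials' \
        "$(urlencode "$AAD_CLIENT_ID")" \
        "$(urlencode 'https://graph.microsoft.com/.default')" \
        "$(urlencode "$AAD_CLIENT_SECRET")"
}

# POST the body on curl's stdin (--data @-) so the secret does not appear
# in curl's argument list. The endpoint is the one used on this page.
request_token() {
    : "${AAD_TENANT_ID:?set AAD_TENANT_ID}"
    : "${AAD_CLIENT_ID:?set AAD_CLIENT_ID}"
    : "${AAD_CLIENT_SECRET:?set AAD_CLIENT_SECRET}"
    token_request_body | curl -sS -X POST \
        -H 'Content-Type: application/x-www-form-urlencoded' \
        --data @- \
        "https://login.microsoftonline.com/$AAD_TENANT_ID/oauth2/token"
}
```

Calling `request_token` prints the JSON response from the token endpoint.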