I'm using Microsoft Information Protection SDK Wrapper for Java. I've the flow working with Username Password flow to get tokens for a user and it works well with the implementation of AuthDelegateImpl (implements IAuthDelegate).
However, I want to generate the token in advance (using SSO/Oauth/etc and not by Username/password flow) to be used by the com.microsoft.informationprotection.file.FileEngineSettings object to information protection operations.
Using the token generated for Graph API requests doesn't seem to work as the SDK rejects it. I'd like to figure out the correct way to generate the token since graph api token (which I have already available) gets rejected.
Note that: To generate access token to access Microsoft information protection, you need to grant Azure Rights Management Service API permissions to the Microsoft Entra ID application.
Hence, grant the API permissions based on your requirement like below:
Now generate the access token by passing scope as https://aadrm.com/.default
in your code.
For sample, I generated access token via Postman using below parameters:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
scope:https://aadrm.com/.default
grant_type:authorization_code
code:code
redirect_uri:https://jwt.io
client_secret:ClientSecret
By using the above access token, you can call Microsoft information protection API.
You can make use of below code to generate the token:
PublicClientApplication pca = new PublicClientApplication.Builder(APP_ID)
.authority(AUTHORITY)
.build();
IAuthenticationResult result = pca.acquireToken(AuthorizationCodeParameters
.builder(authCode, new URI(REPLY_URL))
.scopes(scope)
.build())
.get();
References:
Acquire tokens interactively in MSAL Java - Microsoft Authentication Library for Java | Microsoft
Required API permissions - Microsoft Information Protection SDK | Microsoft