azure-active-directoryazure-ad-msalmicrosoft-information-protection

How to generate an accessToken to use with Microsoft informationprotection Java SDK


I'm using Microsoft Information Protection SDK Wrapper for Java. I've the flow working with Username Password flow to get tokens for a user and it works well with the implementation of AuthDelegateImpl (implements IAuthDelegate).

However, I want to generate the token in advance (using SSO/Oauth/etc and not by Username/password flow) to be used by the com.microsoft.informationprotection.file.FileEngineSettings object to information protection operations.

Using the token generated for Graph API requests doesn't seem to work as the SDK rejects it. I'd like to figure out the correct way to generate the token since graph api token (which I have already available) gets rejected.


Solution

  • Note that: To generate access token to access Microsoft information protection, you need to grant Azure Rights Management Service API permissions to the Microsoft Entra ID application.

    Hence, grant the API permissions based on your requirement like below:

    enter image description here

    Now generate the access token by passing scope as https://aadrm.com/.default in your code.

    For sample, I generated access token via Postman using below parameters:

    https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
    
    client_id:ClientID
    scope:https://aadrm.com/.default
    grant_type:authorization_code
    code:code
    redirect_uri:https://jwt.io
    client_secret:ClientSecret
    

    enter image description here

    enter image description here

    By using the above access token, you can call Microsoft information protection API.

    You can make use of below code to generate the token:

    PublicClientApplication pca = new PublicClientApplication.Builder(APP_ID)
            .authority(AUTHORITY)
            .build();
    
    IAuthenticationResult result = pca.acquireToken(AuthorizationCodeParameters
            .builder(authCode, new URI(REPLY_URL))
            .scopes(scope)
            .build())
            .get();
    

    References:

    Acquire tokens interactively in MSAL Java - Microsoft Authentication Library for Java | Microsoft

    Required API permissions - Microsoft Information Protection SDK | Microsoft