sangonzal
left a comment
Overall looks good to me. Added some suggestions. I think it could also benefit from some comments around the OBO part (stating that people have to run both apps for it to work) and Spring Security (a high-level overview of what is happening).
| } | ||
|
|
||
| @Autowired | ||
| AuthFilter authFilter; |
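Review bot: the `@Autowired` field `AuthFilter authFilter;` is declared after a closing `}` partway through the class; beyond moving it to the top, consider constructor injection so the field can be `private final` and the class can be built in a unit test without a Spring context.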
nit: should go to top of file
| AuthFilter authFilter; | ||
|
|
||
| @RequestMapping("/edit-profile") | ||
| public void callOboApi(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws Throwable { |
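Review bot: `callOboApi` on `/edit-profile` declares `throws Throwable`, which hides which failures (token acquisition, the downstream HTTP call) a caller should expect; if the method is kept, narrow the declaration to the exceptions actually thrown, and prefer `@GetMapping` or `@PostMapping` over a bare `@RequestMapping`, which accepts every HTTP method.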
this method should be removed.
| String result = restTemplate.exchange(authHelper.configuration.api, HttpMethod.GET, | ||
| entity, String.class).getBody(); | ||
|
|
||
| return new Date() + result; |
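Review bot: `restTemplate.exchange(..., String.class)` throws `HttpStatusCodeException` on any non-2xx reply from `authHelper.configuration.api` (for example when the downstream API rejects the OBO token) and nothing in this hunk catches it; wrap the call so the user gets a deliberate error response instead of a propagated stack trace, and add a short comment explaining why `new Date()` is prepended to `result`, since it reads like an accident.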
Did you mean to return a Date() here?
Yes, to show that the shown result is different.
| import org.json.JSONArray; | ||
| import org.json.JSONObject; | ||
|
|
||
| class JSONHelper { |
Looks like this is not being used anywhere, can be deleted.
|
|
||
| @Getter | ||
| @Setter | ||
| public class User { |
Not calling graph, so this can be deleted as well.
| "response_mode=form_post&" + | ||
| "redirect_uri=" + URLEncoder.encode(authHelper.getRedirectUri(), "UTF-8") + | ||
| "&client_id=" + authHelper.getClientId() + | ||
| //"&scope=" + URLEncoder.encode("openid offline_access profile", "UTF-8") + |
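Review bot: the `scope` line is commented out, so this authorize request sends no `scope` parameter, which the Microsoft identity platform v2.0 authorize endpoint requires (at least `openid` to receive an ID token); either restore the line or delete it rather than leaving dead code. Also, `redirect_uri` is passed through `URLEncoder.encode` while `client_id` is appended raw; encode both for consistency, and if a `state` value is not appended elsewhere, add one so the callback can be tied back to the session that started the flow.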
| @Autowired | ||
| MsalAuthHelper msalAuthHelper; | ||
|
|
||
| @RequestMapping("/api") |
nit: maybe more descriptive name? Like callGraphMeEndpoint
| @RequestMapping("/graph/users") | ||
| public ModelAndView getUsersFromGraph(ModelMap model, HttpServletRequest httpRequest) throws Throwable { | ||
| IAuthenticationResult result = authHelper.getAuthResultBySilentFlow(httpRequest); | ||
| IAuthenticationResult result = authHelper.getAuthResultBySilentFlow(httpRequest, "https://graph.microsoft.com/.default"); |
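Review bot: on the `.default` question, `https://graph.microsoft.com/.default` requests every Graph permission already consented for the app, which bypasses incremental consent and hands this `/graph/users` handler a broader token than it needs; request the specific delegated scope the call requires (listing users needs `User.Read.All` or similar) so the silent-flow token stays least-privilege, and make sure only the two-argument `getAuthResultBySilentFlow` call remains in the file.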
Using .default won't allow for incremental consent. Is it ok?