-
Notifications
You must be signed in to change notification settings - Fork 126
Acquiring Tokens with username and password
For historical reasons, ADAL4J supports in some platforms the user name and password flow. In general Microsoft does not advice customers to use it as it's less secure than the other flows, and it is not compatible with conditional access.
For more information about why you want to avoid using this grant, you can, for instance read the following article which explains why Microsoft is working to make passwords a thing of the past.
password flow.
Using username and password is not recommended In general Microsoft does not advice customers to use it as it's less secure than the other flows, and it is not compatible with conditional access (as if the resource requires conditional access, the call to AcquireTokenSilent will just fail, given that this is not an interactive flow, the STS does not have an opportunity to present a dialog to the user to tell him/her that s/he needs to do multiple factor authentication).
For more information about why you want to avoid using this grant, you can, for instance read the following article which explains why Microsoft is working to make passwords a thing of the past
You can get a token with a username and password by calling the following override of acquireToken:
| Returns | Method |
|---|---|
Future<AuthenticationResult> |
acquireToken(String resource, String clientId, String username, String password, AuthenticationCallback callback) |
To view a sample of authenticating via the username-password flow, take a look at Java console application sample