fix graph api scope (make graphAPI endpoints customizable #3)

Author: davidcoutadeur

src/main/java/org/lsc/plugins/connectors/msgraphapi/MsGraphApiAuthentication.java

@@ -54,21 +54,31 @@
 
 public class MsGraphApiAuthentication {
     private static final String DEFAULT_AUTHENTICATION_URL = "https://login.microsoftonline.com/";
-    private static final String GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.com/.default";
+    private static final String DEFAULT_USERS_URL = "https://graph.microsoft.com";
+    private static final String GRAPH_DEFAULT_SCOPE = "/.default";
     private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
 
-    public AuthenticationResponse authenticate(String tenant, String authenticationURL, String clientId, String clientSecret) throws AuthorizationException {
+    public AuthenticationResponse authenticate(String tenant, String authenticationURL, String usersURL, String clientId, String clientSecret) throws AuthorizationException {
+
         if( authenticationURL == null || authenticationURL.isEmpty() )
         {
             authenticationURL = DEFAULT_AUTHENTICATION_URL;
         }
+
+        String scope;
+        if( usersURL == null || usersURL.isEmpty() )
+        {
+            usersURL = DEFAULT_USERS_URL;
+        }
+        scope = usersURL.replaceAll("/$", "") + GRAPH_DEFAULT_SCOPE;
+
         WebTarget authTarget = ClientBuilder.newClient()
             .register(JacksonFeature.class)
             .target(authenticationURL)
             .path(tenant)
             .path("oauth2/v2.0/token");
         Form authForm = new Form("client_id", clientId)
-            .param("scope", GRAPH_DEFAULT_SCOPE)
+            .param("scope", scope)
             .param("client_secret", clientSecret)
             .param("grant_type", "client_credentials");
 

src/main/java/org/lsc/plugins/connectors/msgraphapi/MsGraphApiUsersSrcService.java

@@ -101,7 +101,7 @@ public MsGraphApiUsersSrcService(TaskType task) throws LscServiceConfigurationEx
             settings = (MsGraphApiConnectionSettings) pluginConnectionType.getAny().get(0);
 
             String token = new MsGraphApiAuthentication()
-                .authenticate(settings.getTenant(), settings.getAuthenticationURL(), settings.getClientId(), settings.getClientSecret())
+                .authenticate(settings.getTenant(), settings.getAuthenticationURL(), settings.getUsersURL(), settings.getClientId(), settings.getClientSecret())
                 .getAccessToken();
 
             dao = new MsGraphApiDao(token, settings, service);

src/test/java/org/lsc/plugins/connectors/msgraphapi/MsGraphApiAuthenticationTest.java

@@ -60,6 +60,7 @@ class MsGraphApiAuthenticationTest {
     private final static String CLIENT_SECRET = System.getenv("TEST_MS_GRAPH_API_CLIENT_SECRET");
     private final static String TENANT = System.getenv("TEST_MS_GRAPH_API_TENANT");
     private final static String AUTHENTICATION_URL = System.getenv("TEST_MS_GRAPH_API_AUTHENTICATION_URL");
+    private final static String USERS_URL = System.getenv("TEST_MS_GRAPH_API_USERS_URL");
 
     private final MsGraphApiAuthentication msGraphApiAuthentication;
 
@@ -76,24 +77,24 @@ static void setup() {
 
     @Test
     void shouldObtainValidAccessToken() throws AuthorizationException {
-        AuthenticationResponse response = msGraphApiAuthentication.authenticate(TENANT, AUTHENTICATION_URL, CLIENT_ID, CLIENT_SECRET);
+        AuthenticationResponse response = msGraphApiAuthentication.authenticate(TENANT, AUTHENTICATION_URL, USERS_URL, CLIENT_ID, CLIENT_SECRET);
         assertThat(response.getAccessToken()).isNotBlank();
         assertThatCode(() -> JWT.decode(response.getAccessToken())).doesNotThrowAnyException();
     }
 
     @Test
     void shouldThrowIfInvalidTenant() {
-        assertThatThrownBy(() -> msGraphApiAuthentication.authenticate("NOT_A_TENANT", AUTHENTICATION_URL, CLIENT_ID, CLIENT_SECRET)).isInstanceOf(AuthorizationException.class);
+        assertThatThrownBy(() -> msGraphApiAuthentication.authenticate("NOT_A_TENANT", AUTHENTICATION_URL, USERS_URL, CLIENT_ID, CLIENT_SECRET)).isInstanceOf(AuthorizationException.class);
     }
 
     @Test
     void shouldThrowIfInvalidClientId() {
-        assertThatThrownBy(() -> msGraphApiAuthentication.authenticate(TENANT, AUTHENTICATION_URL, "NOT_A_CLIENT_ID", CLIENT_SECRET)).isInstanceOf(AuthorizationException.class);
+        assertThatThrownBy(() -> msGraphApiAuthentication.authenticate(TENANT, AUTHENTICATION_URL, USERS_URL, "NOT_A_CLIENT_ID", CLIENT_SECRET)).isInstanceOf(AuthorizationException.class);
     }
 
     @Test
     void shouldThrowIfInvalidClientSecret() {
-        assertThatThrownBy(() -> msGraphApiAuthentication.authenticate(TENANT, AUTHENTICATION_URL, CLIENT_ID, "NOT_A_SECRET")).isInstanceOf(AuthorizationException.class);
+        assertThatThrownBy(() -> msGraphApiAuthentication.authenticate(TENANT, AUTHENTICATION_URL, USERS_URL, CLIENT_ID, "NOT_A_SECRET")).isInstanceOf(AuthorizationException.class);
     }
 
 }