-
Notifications
You must be signed in to change notification settings - Fork 126
Acquiring Tokens with username and password
ADAL4J supports in the user name and password flow in public clients. In general Microsoft does not advice customers to use it as it's less secure than the other flows, and it is not compatible with conditional access(because if the resource requires conditional access, the call to acquire token will just fail, given that this is not an interactive flow (the STS does not have an opportunity to present a dialog to the user to tell him/her that s/he needs to do multiple factor authentication).
For more information about why you want to avoid using this grant, you can, for instance read the following article which explains why Microsoft is working to make passwords a thing of the past.
You can get a token with a username and password by calling the following override of acquireToken:
| Returns | Method |
|---|---|
Future<AuthenticationResult> |
acquireToken(String resource, String clientId, String username, String password, AuthenticationCallback callback) |
To view a sample of authenticating via the username-password flow, take a look at Java console application sample.