The Authentication Server (Azure AD) does not return a refresh_token for a client credential flow.

This is mentioned in the documentation: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow

And confirmed by the RFC: https://www.rfc-editor.org/rfc/rfc6749#section-4.4.3

However, BearerAuthSupplier seems to rely on that token when the access_token is expired (line 80: if (at.getRefreshToken() == null) {)

Am I missing something in the way the client credential flow needs to be implemented using CXF?

Here is the code I use to handle OAuth2 for my CXF client:

    // Obtain the initial access token with the client credentials grant
    WebClient tokenClient = WebClient.create(tokenUri);
    Consumer consumer = new Consumer(clientId, clientSecret);
    ClientCredentialsGrant grant = new ClientCredentialsGrant(scope);
    ClientAccessToken initial = OAuthClientUtils.getAccessToken(tokenClient, consumer, grant, false);

    // Hand the token to the supplier that sets the Authorization header
    BearerAuthSupplier supplier = new BearerAuthSupplier();
    supplier.setAccessToken(initial.getTokenKey());
    supplier.setRefreshToken(initial.getRefreshToken());
    supplier.setConsumer(consumer);
    supplier.setAccessTokenServiceUri(tokenUri);
    http.setAuthSupplier(supplier);
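
Added example, not part of the original post and not CXF's own code: one way to handle an expired token in this flow is a custom HttpAuthSupplier that repeats the client credentials grant instead of looking for a refresh_token. The class name ClientCredentialsAuthSupplier, the 60-second skew and the reading of fullHeader as "retry after a challenge" are assumptions.

```java
import java.net.URI;
import java.time.Instant;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.oauth2.client.Consumer;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrant;
import org.apache.cxf.transport.http.auth.HttpAuthSupplier;

// Hypothetical class (not part of CXF): re-runs the client credentials grant
// when the cached access token is stale, since no refresh_token is issued.
public class ClientCredentialsAuthSupplier implements HttpAuthSupplier {
    private static final long SKEW_SECONDS = 60; // assumed margin before expiry
    private final String tokenUri;
    private final Consumer consumer;
    private final String scope;
    private ClientAccessToken token;
    private Instant renewAt = Instant.MIN;

    public ClientCredentialsAuthSupplier(String tokenUri, Consumer consumer, String scope) {
        this.tokenUri = tokenUri;
        this.consumer = consumer;
        this.scope = scope;
    }

    @Override
    public boolean requiresRequestCaching() {
        return true; // keep the request so it can be resent after a 401
    }

    @Override
    public synchronized String getAuthorization(AuthorizationPolicy policy, URI uri,
                                                Message message, String fullHeader) {
        // Assumption: fullHeader is non-null only on a retry after a challenge.
        if (token == null || fullHeader != null || !Instant.now().isBefore(renewAt)) {
            WebClient tokenClient = WebClient.create(tokenUri);
            try {
                token = OAuthClientUtils.getAccessToken(
                    tokenClient, consumer, new ClientCredentialsGrant(scope), false);
            } finally {
                tokenClient.close();
            }
            long ttl = token.getExpiresIn(); // seconds; non-positive means not reported
            renewAt = ttl > 0 ? Instant.now().plusSeconds(Math.max(ttl - SKEW_SECONDS, 0)) : Instant.MAX;
        }
        return "Bearer " + token.getTokenKey();
    }
}
```

It would be installed in place of BearerAuthSupplier with http.setAuthSupplier(new ClientCredentialsAuthSupplier(tokenUri, consumer, scope)); the client secret stays inside the Consumer and only the bearer token reaches the outgoing request.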