I am not an expert with HAProxy; that may be the first reason my requests are failing.
I have a Java application on a server that doesn't have access to the Internet. Access is only available via HAProxy, so I was trying to configure HAProxy for the Microsoft Graph API.
Microsoft Graph uses the following two domains:
https://graph.microsoft.com --> For Graph API calls
https://login.microsoftonline.com --> for OAUTH token
I can call both URLs from my HAProxy server. I can get the bearer token using the curl command below:
curl -k -X POST \
https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={client-id}' \
--data-urlencode 'client_secret={client-secret}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=https://graph.microsoft.com/.default'
The response looks like the following:
{
  "token_type": "Bearer",
  "expires_in": 3599,
  "ext_expires_in": 3599,
  "access_token": "<<Access Token>>"
}
I have configured my HAProxy as follows:
frontend nicrosoft_graph_front
    bind *:443 ssl crt /etc/ssl/certs/spteluat.pem no-tls-tickets no-tlsv11
    mode http
    acl login_path path_beg /mslogin
    use_backend login_backend if login_path
backend login_backend
    mode http
    option forwardfor
    balance roundrobin
    server loginserver login.microsoftonline.com:443 check check-ssl verify none
It is not working. When I use the same curl command:
curl -k -X POST \
https://localhost/mslogin/c648fe9a-244d-49b5-a052-6e961eb048b8/oauth2/v2.0/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=901f8630-ed72-40c3-ad7a-5e2bfb61fe87' \
--data-urlencode 'client_secret=U0z8Q~p3r~-GoKWOpxjFhpFeeQ847dWh1Dooua0p' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=https://graph.microsoft.com/.default'
It gives me an error:
<html><body><h1>502 Bad Gateway</h1>
The server returned an invalid or incomplete response.
</body></html>
At some point I believe I had a little success when I added the line below to the backend config:
http-request set-path %[path,regsub(^/mslogin/,/)]
but then it started returning 302, which I believe is because the Microsoft login URL has some redirects (I don't know how to handle those either).
Any help on how I can make this HAProxy config work?
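
An added example, not part of the original post: the backend from the question next to a version that actually speaks TLS to the upstream and authenticates it, since the token request carries the client secret. The CA bundle path is an assumption (the Debian/Ubuntu default); the frontend, backend and server names and the set-path rule are taken from the post.

```haproxy
# Added example, not the poster's configuration.
frontend nicrosoft_graph_front
    bind *:443 ssl crt /etc/ssl/certs/spteluat.pem no-tls-tickets no-tlsv11
    mode http
    acl login_path path_beg /mslogin
    use_backend login_backend if login_path

backend login_backend
    mode http

    # Strip the local /mslogin prefix before forwarding (rule quoted in the post).
    http-request set-path %[path,regsub(^/mslogin/,/)]

    # Send the upstream's own name in the Host header instead of the name
    # the client used to reach the proxy (e.g. "localhost").
    http-request set-header Host login.microsoftonline.com

    # Before (from the post):
    #   server loginserver login.microsoftonline.com:443 check check-ssl verify none
    # "check-ssl" only makes the health check use TLS. Without "ssl" the
    # proxied request itself is sent as cleartext HTTP to port 443, and
    # "verify none" disables validation of the upstream certificate.

    # After:
    #   ssl              - use TLS for proxied traffic, not only for checks
    #   sni              - server name sent in the TLS handshake
    #   verify required  - reject an upstream certificate that does not
    #                      chain to the CA bundle
    #   verifyhost       - certificate must be issued for this name
    #   check-sni        - server name used by the health check handshake
    # Assumption: CA bundle lives at the Debian/Ubuntu default path.
    server loginserver login.microsoftonline.com:443 ssl sni str(login.microsoftonline.com) verify required verifyhost login.microsoftonline.com ca-file /etc/ssl/certs/ca-certificates.crt check check-sni login.microsoftonline.com
```

`haproxy -c -f <config file>` checks the syntax before a reload; a second backend for graph.microsoft.com would follow the same pattern with its own Host header, SNI and verifyhost values.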