Azure access token generation from Postman
O

3

5

I wanted to generate an Azure token from Postman for API authorization in my project. I am able to generate a token using the API request below, but I get the error message "Authorization denied for this request" when using the generated token in another API request.

Endpoint#

https://login.microsoftonline.com/:tenant_id/oauth2/token 

Params#

tenant_id:As per id generation by azure.

Body# (Form-data)

grant_type:client_credentials
client_id:As per id generation by azure.
client_secret:As per id generation by azure.
resource:Required URL

Response#

    {
        "token_type": "Bearer",
        "expires_in": "foo",
        "ext_expires_in": "foo",
        "expires_on": "foo",
        "not_before": "foo",
        "resource": "foo",
        "access_token": "foo"
    }

Since the token returned above is not accepted, I also passed a username and password in the body of the request but ended up with the same results. Also, Azure did not consider my credentials even when they are wrong.

Could you please advise what else I need to send in the response to get a valid token id?

Odoric answered 9/7, 2019 at 13:46 Comment(6)
See the updated answer and do exactly as I have shown. You will definitely get a token. Let me know if you have any more concerns. – Hairsplitter
I applied it as per your direction and am getting a token successfully, but the problem is that the generated token is not accepted as a valid token when passed to another API for authentication purposes. – Odoric
Where are you passing this? Which resource are you trying to access? Show the URL. – Hairsplitter
POST >>> login.microsoftonline.com/<<My tenant name>>.microsoft.com/oauth2/token. Sending these in the body (Grant type, clientid, client_secret and resource). – Odoric
This is the token endpoint. After getting the token, where are you passing it? Not this URL. – Hairsplitter
For example, this is the API I want to access with my token: https://graph.microsoft.com/v1.0/users. So what API are you trying to access? – Hairsplitter
H
6

The valid format for the client_credentials authentication flow is as below:

Azure Portal Credentials For App Id and Tenant Id:

Application Secret from Portal:

Token Endpoint Or URL:

https://login.microsoftonline.com/YourTenantName.onmicrosoft.com/oauth2/token

Request Param:

grant_type:client_credentials
client_id:b603c7be_Your_App_ID_e6921e61f925
client_secret:Vxf1Sl_Your_App_Secret_2XDSeZ8wL/Yp8ns4sc=
resource:https://graph.microsoft.com 

PostMan Sample:

Token On Response:

Expose Your Own API:

When you want to authorize your own API, you have to add it here so that your token will contain this permission and this API can be accessed. Refer to this docs.

For more clarity you could refer to the official docs.

Hairsplitter answered 9/7, 2019 at 14:14 Comment(2)
I am still getting the same error ("Message":"Authorization has been denied for this request.") while using the generated access token. – Odoric
https://login.microsoftonline.com/YourTenantName.onmicrosoft.com/oauth2/token like this. Please update your question with a screenshot if possible. – Hairsplitter
S
1

The post is a bit old; as of today, the resource parameter is not supported. The above request gives me this error:

The 'resource' request parameter is not supported. Trace ID: ebf7b039-b399-489d-a989-205dd2e42500 Correlation ID: 74d68bbf-c01d-4128-9b65-d62ba9eb78q7 Timestamp: 2024-05-16 14:44:50Z

So, the new working request for me is to use scope:https://graph.microsoft.com/.default

Here's a sample representation using cURL:

# The token endpoint expects a POST with a URL-encoded form body
curl --location --request POST 'https://login.microsoftonline.com/{{tenentId}}/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={{clientId}}' \
--data-urlencode 'client_secret={{clientSecret}}' \
--data-urlencode 'scope=https://graph.microsoft.com/.default'

This gives me the generated (or refreshed) token. Response:

{
    "token_type": "Bearer",
    "expires_in": 1234,
    "ext_expires_in": 1234,
    "access_token": "<generated token>"
}
Satchel answered 16/5 at 15:24 Comment(0)
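
The rejected token in the question and the `resource`/`scope` values in the answers above meet in the token's claims: the value sent as `resource` or `scope` determines the audience the token is issued for. As an added example (not code from any poster), this Python snippet decodes an access token's payload and compares its `aud` and `roles` claims with what the target API expects. The sample token and `api://my-own-api` are constructed placeholders, and `expected_audience` is assumed to be the App ID URI or application ID your API is configured to accept.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are base64url with the padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(access_token):
    """Return the JWT payload WITHOUT verifying the signature.
    Troubleshooting only: the receiving API must still validate the token."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def diagnose(access_token, expected_audience):
    """List the mismatches between the token's claims and the target API."""
    claims = decode_claims(access_token)
    aud = claims.get("aud", [])
    audiences = aud if isinstance(aud, list) else [aud]
    problems = []
    # Compare ignoring a trailing slash.
    if expected_audience.rstrip("/") not in [a.rstrip("/") for a in audiences]:
        problems.append(f"aud is {aud!r}, but the API expects {expected_audience!r}")
    if not claims.get("roles"):
        problems.append("no 'roles' claim: no application permission in this token")
    return problems

def make_sample_token(claims):
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc({"alg": "none", "typ": "JWT"})
    return header + "." + enc(claims) + ".signature"

if __name__ == "__main__":
    # Token requested for Microsoft Graph, then sent to a different API.
    token = make_sample_token(
        {"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]})
    own_api = "api://my-own-api"  # hypothetical App ID URI of your own API
    for finding in diagnose(token, own_api) or ["claims match this API"]:
        print(finding)
```
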
P
-1

You should try adding "X-ZUMO-AUTH" header to your request when using the generated token.

GET https://<appname>.azurewebsites.net/api/products/1
X-ZUMO-AUTH: <authenticationToken_value>

https://learn.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to

Phago answered 9/7, 2019 at 14:9 Comment(0)
