Postman calling Azure AD secured Web API

McAninch, Robin 51 Reputation points
2020-09-24T21:11:43.247+00:00

I cannot get Postman to call an Azure AD web API. I downloaded the Microsoft Azure AD sample project (todolist project) found via the Quickstart in portal.azure.com. The URL is https://aka.ms/msal-net-client-credentials. I followed the steps, and on my desktop I can call the sample web API using the supplied client app. When I try the same using Postman, it will only work if I supply the token from the client app and not through their interface. The .NET client asks for

Client settings
Instance "https://login.microsoftonline.com/tenant",
Tenant tenant
client ID
Client Secret
BaseAddress https://localhost:44372
Scope "api://api client ID/.default"

Postman wants
Access token (same as above but with /oauth2/token)
client id (same)
client secret (same)
scope (same)
client authentication "send as Basic auth header"

I get the following error if I use the token I create
Bearer error="invalid_token", error_description="The audience '00000002-0000-0000-c000-000000000000' is invalid"

It works with the token from the client. Any help would be wonderful. Thank you

Microsoft Entra ID

Accepted answer
  1. Krish G 2,326 Reputation points
    2020-09-25T08:28:53.44+00:00

    You can leverage Postman's "Pre-request script" to automatically acquire a token and pass it as an auth header to your API, like below. Here is the script (replace the {placeholder} values with your actual values).

        // Values used to request the token (replace the {placeholders}).
        pm.environment.set("tenantId", "{your tenant id}");
        pm.environment.set("client_credentials", "client_credentials");
        pm.environment.set("clientId", "{your client id}");
        pm.environment.set("clientSecret", "{your client secret}");
        pm.environment.set("scope", "{your scope}");

        // Client-credentials request to the v2.0 token endpoint.
        pm.sendRequest({
            url: 'https://login.microsoftonline.com/' + pm.environment.get("tenantId") + '/oauth2/v2.0/token',
            method: 'POST',
            header: 'Content-Type: application/x-www-form-urlencoded',
            body: {
                mode: 'urlencoded',
                urlencoded: [
                    {key: "grant_type", value: "client_credentials", disabled: false},
                    {key: "client_id", value: pm.environment.get("clientId"), disabled: false},
                    {key: "client_secret", value: pm.environment.get("clientSecret"), disabled: false},
                    {key: "scope", value: pm.environment.get("scope"), disabled: false}
                ]
            }
        }, function (err, res) {
            // Stop if the request failed or the response carries no token.
            if (err || !res.json().access_token) {
                console.error("Token request failed:", err || res.json());
                return;
            }
            // Store the token in the global variable used by the Authorization header.
            pm.globals.set("bearerToken", res.json().access_token);
            // Prints the token to the Postman console (debugging aid).
            console.log(pm.globals.get("bearerToken"));
        });
    
    1. Set Authorization header to refer to a global variable 'Bearer {{bearerToken}}' like below:
      28306-image.png
    2. Set the above global variable from pre-request script like below:
      28249-image.png
    2 people found this answer helpful.
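
The error quoted in the question is about the token's audience (`aud`) claim. As an added example (not part of the original question or answer), this Node.js snippet decodes an access token's payload and compares `aud` with the value the API expects, so a mismatch is visible before the API is called. `EXPECTED_AUDIENCE`, `checkAudience`, `makeSampleToken` and the sample tokens are constructed for illustration; the decode does not verify the signature.

```javascript
// Added example: names and sample tokens below are constructed for illustration.
const EXPECTED_AUDIENCE = 'api://{your api client id}'; // assumption: value the API validates

// base64url <-> JSON helpers for JWT segments.
const toSegment = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromSegment = (seg) => JSON.parse(
  Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8'));

// Build an unsigned sample token (constructed; the signature segment is a dummy).
function makeSampleToken(claims) {
  return [toSegment({ alg: 'RS256', typ: 'JWT' }), toSegment(claims), 'sig'].join('.');
}

// Read the claims WITHOUT verifying the signature: a diagnostic, not validation.
function checkAudience(token, expectedAudience, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    return { ok: false, reason: 'not a JWT (expected 3 dot-separated segments)' };
  }
  let claims;
  try {
    claims = fromSegment(parts[1]);
    if (claims === null || typeof claims !== 'object') throw new Error('not an object');
  } catch (e) {
    return { ok: false, reason: 'payload is not base64url-encoded JSON' };
  }
  // aud may be one string or an array of strings (RFC 7519, section 4.1.3).
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(expectedAudience)) {
    return { ok: false,
      reason: `audience mismatch: token aud=${audiences.join(',')} expected=${expectedAudience}` };
  }
  if (typeof claims.exp === 'number' && claims.exp <= nowSeconds) {
    return { ok: false, reason: 'token expired' };
  }
  return { ok: true, reason: 'audience matches' };
}

// The aud value from the error message in the question vs. the API's own audience.
const wrong = makeSampleToken({ aud: '00000002-0000-0000-c000-000000000000', exp: 4102444800 });
const right = makeSampleToken({ aud: EXPECTED_AUDIENCE, exp: 4102444800 });
console.log(checkAudience(wrong, EXPECTED_AUDIENCE).reason);
console.log(checkAudience(right, EXPECTED_AUDIENCE).reason);
```

Pasting the token that Postman obtained and the one from the .NET client into `checkAudience` shows which `aud` each carries.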
