Hi @Ayinapurapu, Vinaydeep, thanks for reaching out to us.
I understand that you are asking how to get an access token using certificate-based authentication with Postman and an Azure AD app registration.
To get an access token using certificate-based authentication with Postman and an Azure AD app registration, you can follow these steps:
1. Create an Azure AD app registration in Microsoft Entra ID.
2. Generate a self-signed certificate and upload it to the Azure AD app registration. Below are the steps to generate a self-signed certificate using OpenSSL.
- Generate your private key with genrsa:
openssl genrsa -out certificateprivate.key 2048
- Run the following command to generate a certificate signing request (CSR). You will be prompted to enter some information, such as your country, state, city, organization, and common name:
openssl req -new -key certificateprivate.key -out certificate.csr
- Run the following command to generate a self-signed certificate:
openssl x509 -req -days 365 -in certificate.csr -signkey certificateprivate.key -out accesstokenwithcertificate.crt
- Use the command below to retrieve the public key in PEM format from the private key:
openssl rsa -in certificateprivate.key -pubout -out certificatepublickey.pem
- Upload your public certificate into the application configuration under 'Certificates and secrets' and copy your certificate thumbprint. You can create a self-signed public certificate using PowerShell (reference).
3. Use www.jwt.io to get the client_assertion.
- Select the RS256 algorithm.
Edit the header, payload, or verify-signature fields to modify the token as below.
HEADER:
{
"alg": "RS256",
"typ": "JWT",
"x5t": "<Base64 thumbprint>"
}
PAYLOAD: DATA
{
"aud": "https://login.microsoftonline.com/{tenantid/tenantname}/oauth2/v2.0/token",
"exp": 1699254916,
"iss": "<application client_id>",
"jti": "<random unique identifier>",
"nbf": 1699254916,
"sub": "<application client_id>"
}
(exp is the expiration time, as Unix epoch seconds.)
Verify Signature
{
Public key in PEM format
Private key in PEM format
}
You can see the encoded token on the left side. Use the encoded token as the client_assertion.
4. To get an access token using Postman, create a new request and set the following parameters:
- HTTP Method: POST
- URL: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
- Headers: Content-Type: application/x-www-form-urlencoded
- Body (x-www-form-urlencoded):
  grant_type=client_credentials
  client_id={client_id}
  scope={applicationid}/.default
  client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
  client_assertion={client_assertion}
Send the request and you should receive an Access Token in the response.
Hope this helps. Do let us know if you have any further queries.
Thanks, Navya.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
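The client_assertion from step 3 can also be produced locally with the key and certificate generated in step 2, so the private key never has to be pasted into jwt.io, and then checked the way the token endpoint checks it. This is an added example, not part of the original answer; the tenant, client id and file names are placeholders you substitute.

```shell
#!/bin/sh
# Builds the client_assertion JWT from steps 2 and 3 with OpenSSL alone,
# then verifies its signature as the token endpoint would.
# Assumed placeholders (not from the original post): a key and certificate
# created as in step 2, a tenant id and an application (client) id.

b64url() {               # base64url: no '=' padding, '+/' replaced by '-_'
  openssl base64 -A | tr '+/' '-_' | tr -d '='
}

b64url_decode() {        # inverse of b64url, restoring the '=' padding
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | openssl base64 -d -A
}

cert_x5t() {             # x5t header: base64url of the cert's SHA-1 thumbprint
  openssl x509 -in "$1" -outform DER | openssl dgst -sha1 -binary | b64url
}

# build_client_assertion KEY.pem CERT.pem TENANT CLIENT_ID -> prints the JWT
build_client_assertion() {
  key=$1; cert=$2; tenant=$3; client_id=$4
  now=$(date +%s)
  header=$(printf '{"alg":"RS256","typ":"JWT","x5t":"%s"}' "$(cert_x5t "$cert")" | b64url)
  # nbf/exp are Unix epoch seconds; keep the lifetime short (10 minutes here)
  payload=$(printf '{"aud":"https://login.microsoftonline.com/%s/oauth2/v2.0/token","iss":"%s","sub":"%s","jti":"%s","nbf":%s,"exp":%s}' \
    "$tenant" "$client_id" "$client_id" "$(openssl rand -hex 16)" "$now" "$((now + 600))" | b64url)
  # RS256 = RSASSA-PKCS1-v1_5 over SHA-256 of "header.payload"
  sig=$(printf '%s.%s' "$header" "$payload" | openssl dgst -sha256 -sign "$key" | b64url)
  printf '%s.%s.%s\n' "$header" "$payload" "$sig"
}

# verify_client_assertion JWT CERT.pem -> returns 0 only if the signature matches
verify_client_assertion() {
  jwt=$1; cert=$2; tmp=$(mktemp)
  printf '%s' "${jwt##*.}" | b64url_decode > "$tmp"
  openssl x509 -in "$cert" -pubkey -noout > "$tmp.pub"
  printf '%s' "${jwt%.*}" | openssl dgst -sha256 -verify "$tmp.pub" -signature "$tmp" >/dev/null 2>&1
  rc=$?; rm -f "$tmp" "$tmp.pub"; return $rc
}
```

Run `build_client_assertion certificateprivate.key accesstokenwithcertificate.crt <tenant> <client_id>` and paste the printed token into the client_assertion field of the Postman request from step 4.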