I am trying to sign in to azure / get a token for with policy id by postman

Question

I am trying to sign in to azure / get a token for with policy id by postman

Andrew Shlykov 20

I am trying to sign in to azure with custom policy / policy work fine when fo the application but does not work for postman

It logins fine when I am using the client endpoint

https://login.microsoftonline.com/XXXXXXXXXXXXXX/oauth2/v2.0/token but fails for

https://XXXXXXXXXX.b2clogin.com/XXXXXXXXXX.onmicrosoft.com/<policy-name>/oauth2/v2.0/token

importunely the policy defines all the needed claims

policy is taken form custom policy xml PolicyId="XXXXXXXXX"

Raja Pothuraju 43,340 Reputation points Microsoft External Staff Moderator

2024-09-20T16:08:05.7333333+00:00

Hello @Andrew Shlykov,

Thank you for posting your query on Microsoft Q&A.

Based on your description, I see that you are able to generate a token using the Entra ID token endpoint: https://login.microsoftonline.com/XXXXXXXXXXXXXX/oauth2/v2.0/token. However, when using the B2C token endpoint: https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1A_ROPC_Auth/oauth2/v2.0/token, you're encountering an error.

To help validate the issue, I recommend trying the following URL format:

https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1A_ROPC_Auth

If this URL results in the same error, please try changing the scope in your request to "openid application-id offline_access." By doing this, we can verify if the issue is related to the scope.

For reference, you can check the documentation here: Azure Active Directory B2C - Add ROPC Policy.

If you encounter any AADSTS errors, please share them with us in the comments section, and if the issue persists, we can take this offline for further testing.

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Thanks,
Raja Pothuraju.
Andrew Shlykov 20 Reputation points

2024-09-20T19:16:27.04+00:00

deleted
Raja Pothuraju 43,340 Reputation points Microsoft External Staff Moderator

2024-09-20T21:02:28.9966667+00:00

Hello @Andrew Shlykov,

Thank you for your response and sharing the additional information.

I would like to check this up offline with you to understand the scenario to see why this kind of behavior is occurring.

We can connect offline and discuss further on this.

Thanks,
Raja Pothuraju.
Raja Pothuraju 43,340 Reputation points Microsoft External Staff Moderator

2024-09-23T12:12:26.05+00:00

Hello @Andrew Shlykov,

I noticed you attempted to enable oauth2AllowImplicitFlow by setting it to true in the "Microsoft Graph App Manifest (New)." I recommend trying this using the "AAD Graph App Manifest (Deprecating Soon)" instead.

Could you also test this by using the Body tab in Postman, rather than the Authorization blade, as shown below?

If you're still encountering issues, please feel free to send me an email at the address mentioned above.

Waiting for your response.

Thanks,
Raja Pothuraju.
Raja Pothuraju 43,340 Reputation points Microsoft External Staff Moderator

2024-09-26T13:40:00.4133333+00:00

Hello @Andrew Shlykov,

Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.

Answer accepted by question author

0 additional answers

Your answer

Raja Pothuraju 43,340 Reputation points Microsoft External Staff Moderator

2024-09-20T16:08:05.7333333+00:00

Hello @Andrew Shlykov,

Thank you for posting your query on Microsoft Q&A.

Based on your description, I see that you are able to generate a token using the Entra ID token endpoint: https://login.microsoftonline.com/XXXXXXXXXXXXXX/oauth2/v2.0/token. However, when using the B2C token endpoint: https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1A_ROPC_Auth/oauth2/v2.0/token, you're encountering an error.

To help validate the issue, I recommend trying the following URL format:

https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1A_ROPC_Auth

If this URL results in the same error, please try changing the scope in your request to "openid application-id offline_access." By doing this, we can verify if the issue is related to the scope.

For reference, you can check the documentation here: Azure Active Directory B2C - Add ROPC Policy.

If you encounter any AADSTS errors, please share them with us in the comments section, and if the issue persists, we can take this offline for further testing.

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Thanks,
Raja Pothuraju.
Andrew Shlykov 20 Reputation points

2024-09-20T19:16:27.04+00:00

deleted
Raja Pothuraju 43,340 Reputation points Microsoft External Staff Moderator

2024-09-20T21:02:28.9966667+00:00

Hello @Andrew Shlykov,

Thank you for your response and sharing the additional information.

I would like to check this up offline with you to understand the scenario to see why this kind of behavior is occurring.

We can connect offline and discuss further on this.

Thanks,
Raja Pothuraju.
Raja Pothuraju 43,340 Reputation points Microsoft External Staff Moderator

2024-09-23T12:12:26.05+00:00

Hello @Andrew Shlykov,

I noticed you attempted to enable oauth2AllowImplicitFlow by setting it to true in the "Microsoft Graph App Manifest (New)." I recommend trying this using the "AAD Graph App Manifest (Deprecating Soon)" instead.

Could you also test this by using the Body tab in Postman, rather than the Authorization blade, as shown below?

If you're still encountering issues, please feel free to send me an email at the address mentioned above.

Waiting for your response.

Thanks,
Raja Pothuraju.
Raja Pothuraju 43,340 Reputation points Microsoft External Staff Moderator

2024-09-26T13:40:00.4133333+00:00

Hello @Andrew Shlykov,

Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.

Answer 1

Hello @Andrew Shlykov,Thank you for your time during the Teams call.

As we discussed and troubleshooted, we were able to identify the cause of the issue in your environment. The issue occurred because the app registration was created with the support type set to "Accounts in this organizational directory only (tenant B2C only - Single tenant)." To authenticate users in B2C using user flows, the application must be created with the support type "Accounts in any identity provider or organizational directory (for authenticating users with user flows)." After making this change, you were able to generate the access token successfully.

Please refer to the sample screenshot below for reference. User's image

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Thanks,
Raja Pothuraju.

Share via

I am trying to sign in to azure / get a token for with policy id by postman

0 additional answers

Your answer