MSAL Azure Protected Web API giving error "Sign in to your account" in Postman and programtically in Android

Question

MSAL Azure Protected Web API giving error "Sign in to your account" in Postman and programtically in Android

sumit soni 1

Hi ,

I am trying to access an azure protected web api which is working fine in browser but not working in Android app and in postman.
When I try to hit the Web API in browser, Microsoft authentication pops up and after success authentication, the response of the API gets pop up in the browser.
When I try to access the url in postman, I am getting "Sign into your account" html response .

I tried using Bearer Authentication token in postman but still getting html login response.

Any help appreciated.

Thanks
Sumit Soni

Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2022-06-07T10:00:50.353+00:00

Hi @sumit soni ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks,
Shweta

1 answer

Your answer

Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2022-06-07T10:00:50.353+00:00

Hi @sumit soni ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks,
Shweta

Answer 1

Shweta Mathur 30,296 Microsoft Employee Moderator

Hi @sumit soni ,

Thanks for reaching out.

I understand you are trying to access protected web API using postman and Android application and getting below error

I am able to replicate your scenario and the reason its asking to "Sign into your account" when you are trying to call API using client application URL. When you are trying calling API using client application's URL, application is looking for user interaction and asking to "Sign into your account" through browser.

In the postman, we are testing API without calling client application by providing access token authenticated using your client application details as shown below, then you need to provide URL specific of protected API rather than URL of client application.

Hope this will help.

Thanks,
Shweta

--------------------------------------------------

Please remember to "Accept Answer" if answer helped you.

sumit soni 1 Reputation point

2022-05-31T10:45:25.893+00:00

Hi Shweta,

How can I run my web api from my Android mobile app.
Lets say my web api is (API_1)which got a successful response on browser after microsoft auth, looks like https://abc.com/getFlags
Let me walkthrough what I am currently doing -
1 - Firstly, I got the access token via MSAL authentication
2 - Now I am passing this access token to my web api url(API_1) as a Bearer authentication token but in response I am not getting a response.

If I talk about my Service API project, in Expose API section, the above API_1 is not present anywhere, rather some other API_2(https://xyz.com/ user_impersonation) is used as scope and I have added this scope as App Permission in my Client Azure App registration blade.

Please help me which API should I call from my client app ....API_1 or API_2 or anything else needs to be done.
I have tried everything and stucked from past few days.
As you said in browser, due to user interaction , the API is working fine, but why its is failing on mobile app after bearer authenticaiton.

Thanks!!!
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2022-05-31T13:45:48.79+00:00

Hi @sumit soni ,

In your web API, all the scopes need to be added using Expose an API to restrict data protected by an API and these scopes need to added in client application's permissions.

You can decode your access tokens using jwt.ms to see the scopes which are required to call protected web API. Only the access token with right audience and scopes can be used to call the Web API.

As you are adding permissions of API2 in your client application and using that access token for API 1 which is not the correct scopes and permissions to call your API2.

Please refer the document to call protected web API using Android application .

Thanks,
Shweta

------------------------

Share via

MSAL Azure Protected Web API giving error "Sign in to your account" in Postman and programtically in Android

1 answer

Your answer