Question
How can I request an Access Token in Postman against an Azure AD B2C tenant?
I tried taking the URL from Run Now in the Azure portal and putting that in the Auth Url, but that produces the following error:
Update
Following Chris's answer, I'm now past the above error. I'm able to sign-in but still can't get an access token:
AADB2C90085: The service has encountered an internal error. Please reauthenticate and try again. Correlation ID: 45c56d47-4739-465f-8e02-49ba5b3a1b86 Timestamp: 2017-11-16 15:27:52Z
Answer 1:
Using @Chris Padgett's answer, I was able to get it working using the Implicit Grant Type (couldn't get it working w/ Authorization Code Grant Type).
Grant Type: Implicit
Callback URL: any URL defined in my B2C app
Auth URL: https://login.microsoftonline.com/te/{tenant}/{policy}/oauth2/v2.0/authorize
Client ID: Application ID from my B2C app
Scope: https://{tenant}.onmicrosoft.com/{web api app id uri}/{scope name}
Client Authentication: Either one, it didn't matter
Update
Microsoft has documented the process now! Use Postman to get a token and test the API.
Answer 2:
For the Auth URL field, you only have to enter the authorization endpoint URL without the query string parameters:
https://login.microsoftonline.com/te/{tenant}/{policy}/oauth2/v2.0/authorize
For the Access Token URL field:
https://login.microsoftonline.com/te/{tenant}/{policy}/oauth2/v2.0/token
For the Callback URL field, you must enter a reply URL that is registered with the Azure AD B2C application, such as:
https://www.getpostman.com/oauth2/callback
For the Scope field, enter "openid" as well as any API access scopes.
For the Client Authentication field, select "Send client credentials in body".
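The fields listed in the answers above map onto standard OAuth 2.0 requests. The following Python is an added example, not code from any of the answers or from Postman or Microsoft: it builds the authorize and token requests for the endpoint layout quoted above and reads the redirect back, checking `state` and surfacing an error response. The function names and the tenant, policy, client ID and token values are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint layout quoted in the answers; tenant and policy come from the caller.
BASE = "https://login.microsoftonline.com/te/{tenant}/{policy}/oauth2/v2.0"

def endpoints(tenant, policy):
    """Return (Auth URL, Access Token URL) with no query string attached."""
    base = BASE.format(tenant=tenant, policy=policy)
    return base + "/authorize", base + "/token"

def authorize_request(tenant, policy, client_id, callback, scopes, state, implicit=False):
    """Auth URL plus the standard OAuth 2.0 authorization query parameters."""
    query = {
        "client_id": client_id,
        "response_type": "token" if implicit else "code",
        "redirect_uri": callback,      # must be a reply URL registered on the app
        "scope": " ".join(scopes),     # "openid" plus any API access scopes
        "state": state,
    }
    return endpoints(tenant, policy)[0] + "?" + urlencode(query)

def token_request(tenant, policy, client_id, client_secret, callback, code):
    """(url, form) for the code exchange with client credentials in the body."""
    form = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": callback,
    }
    return endpoints(tenant, policy)[1], form

def read_callback(callback_url, expected_state):
    """Parse the redirect: fragment for the implicit grant, query for the code flow."""
    parts = urlsplit(callback_url)
    params = {k: v[0] for k, v in parse_qs(parts.fragment or parts.query).items()}
    if "error" in params:  # standard OAuth 2.0 error response on the redirect
        raise RuntimeError(f"{params['error']}: {params.get('error_description', '')}")
    if params.get("state") != expected_state:
        raise ValueError("state mismatch: response does not belong to this request")
    return params.get("access_token") or params["code"]

if __name__ == "__main__":
    # Constructed sample values, not a real tenant or application.
    cb = "https://www.getpostman.com/oauth2/callback"
    scopes = ["openid", "https://contoso.onmicrosoft.com/api/read"]
    print(authorize_request("contoso.onmicrosoft.com", "B2C_1_signin",
                            "00000000-0000-0000-0000-000000000000", cb, scopes, "s1"))
    print(read_callback(cb + "#access_token=abc&token_type=Bearer&state=s1", "s1"))
```
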
Answer 3:
I just want to add some extra information for posterity since I have recently spent way too long trying to resolve an issue relating to the error AADB2C90085 and this question is one of the few results on Google.
Update
Following Chris's answer, I'm now past the above error. I'm able to sign-in but still can't get an access token:
AADB2C90085: The service has encountered an internal error. Please reauthenticate and try again. Correlation ID: 45c56d47-4739-465f-8e02-49ba5b3a1b86 Timestamp: 2017-11-16 15:27:52Z
And:
Using @Chris Padgett's answer, I was able to get it working using the Implicit Grant Type (couldn't get it working w/ Authorization Code Grant Type).
I received this error when using authorization code flow because my B2C_1A_TokenSigningKeyContainer and B2C_1A_TokenEncryptionKeyContainer were incorrectly generated. Once I followed the guide at Get started with custom policies in Azure Active Directory B2C the error stopped occurring.
Relevant excerpt from the link:
Create the signing key
- Select Policy Keys and then select Add.
- For Options, choose Generate.
- In Name, enter TokenSigningKeyContainer. The prefix B2C_1A_ might be added automatically.
- For Key type, select RSA.
- For Key usage, select Signature.
- Click Create.
Create the encryption key
- Select Policy Keys and then select Add.
- For Options, choose Generate.
- In Name, enter TokenEncryptionKeyContainer. The prefix B2C_1A_ might be added automatically.
- For Key type, select RSA.
- For Key usage, select Encryption.
- Click Create.
Answer 4:
I could get B2C Request Access Token in Postman working for both grant types: grant_type=implicit as well as grant_type=authorization_code. I've accordingly opened an issue regarding the MS documentation:
- Update documentation and mention that grant_type=authorization_code is possible as well (see description): https://github.com/aspnet/Docs/issues/10336
The following changes were necessary:
The only differences between grant_type=implicit and grant_type=authorization_code are that grant_type=authorization_code needs some more parameters as follows:
Access Token (access token request) URL: https://login.microsoftonline.com/"tenant-name".onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_"name-of-your-signup-signin-flow"
client_secret: generate a key for your application: Azure Portal -> Azure AD B2C -> Applications -> -> Keys -> Generate Key
Source: https://stackoverflow.com/questions/47275079/request-access-token-in-postman-for-azure-ad-b2c