Jenkins with Azure active directory authentication: REST API access not working with Bearer token

丶灬走出姿态 submitted on 2020-05-12 04:43:41

Question


I need to access the Jenkins REST API using Python code. I need some guidance about the correct approach.

I have hosted Jenkins v2.176.1 in Apache Tomcat with SSL enabled. I have configured Azure AD authentication based on this. I am able to log in using my Azure AD credentials in the browser and access the REST API of Jenkins.

When I try to access the REST API from curl or Postman based on the samples here, I am able to get the access token, but the Jenkins REST API (with Authorization: Bearer [access_token] in the header) responds with unauthorized.

The API permissions configured are: under Azure Active Directory Graph, Group.Read.All and User.Read.All.
The only way by which I can access the REST API from Postman is:

Step 1: In the Postman Authorization tab with the OAuth2 option --> Get new access token --> grant_type as "Authorization Code". The response contains access_token, refresh_token and id_token.
This sets the Microsoft login related cookies in Postman.
Step 2: Do a GET request to https://[jenkinsHost]/securityRealm/commenceLogin with the param "id_token:id_token" (obtained from the previous step).
It returns an HTML response (200):

<html>
<head>
    <title>Working...</title>
</head>
<body>
    <form method="POST" name="hiddenform" action="https://[jenkins_host]/jenkins/securityRealm/finishLogin">
        <input type="hidden" name="id_token" value="eyJ0eXAiOiJKV1Qi....." />
        <input type="hidden" name="session_state" value="1b151d4a-3318-49b5-a653-18260501ba6a" />
        <noscript>
            <p>Script is disabled. Click Submit to continue.</p>
            <input type="submit" value="Submit" />
        </noscript>
    </form>
    <script language="javascript">document.forms[0].submit();</script>
</body>
</html>

This sets the Jenkins cookie with JSESSIONID.
Step 3: POST request to https://[jenkins_host]/jenkins/securityRealm/finishLogin with the param id_token, whose value is available from the previous response. (Skipping this step returns a 403 response from the REST API even though the cookie was set from Step 2.)
Step 4: A GET request to the Jenkins REST API without any other parameters/headers works fine.

Can someone guide me with the correct flow to access the REST API, or tell me if what I am doing (using cookies) is the right way?

Source: https://stackoverflow.com/questions/57408352/jenkins-with-azure-active-directory-authentication-rest-api-access-not-working
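
The hand-off between Step 2 and Step 3 described in the question, as an added example that is not part of the original post: it parses the auto-submit form returned by commenceLogin and returns the fields to POST to finishLogin, refusing to proceed if the form action is not the expected HTTPS Jenkins host. The sample HTML, the host `jenkins.example.test` and the names `_HiddenForm` and `extract_finish_login` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of the auto-submit page; host and token are placeholders.
SAMPLE_HTML = """<form method="POST" name="hiddenform"
      action="https://jenkins.example.test/jenkins/securityRealm/finishLogin">
  <input type="hidden" name="id_token" value="constructed.jwt.value" />
  <input type="hidden" name="session_state" value="constructed-state" />
  <noscript><input type="submit" value="Submit" /></noscript>
</form>
<script language="javascript">document.forms[0].submit();</script>"""


class _HiddenForm(HTMLParser):
    """Records the first form's action, method and hidden inputs."""
    def __init__(self):
        super().__init__()
        self.action, self.method, self.fields = None, None, {}
        self._state = "before"  # before -> inside -> after the first form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self._state == "before":
            self._state = "inside"
            self.action = a.get("action")
            self.method = (a.get("method") or "GET").upper()
        elif tag == "input" and self._state == "inside":
            if (a.get("type") or "").lower() == "hidden" and a.get("name"):
                self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form" and self._state == "inside":
            self._state = "after"


def extract_finish_login(html, expected_host):
    """Return (action_url, fields) for the finishLogin POST, or raise ValueError."""
    form = _HiddenForm()
    form.feed(html)
    if form.action is None or form.method != "POST":
        raise ValueError("no POST form found in response")
    target = urlsplit(form.action)
    # The id_token is a bearer credential: only post it to the expected HTTPS host.
    if target.scheme != "https" or target.hostname != expected_host.lower():
        raise ValueError("form action does not point at the expected Jenkins host")
    if not form.fields.get("id_token"):
        raise ValueError("response carries no id_token field")
    return form.action, form.fields
```

The returned fields would be posted to the returned URL from the same cookie-carrying HTTP session that made the Step 2 request, and the token value should be kept out of logs.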
