
I'm building a REST API which should be protected by Azure AD. So I have the following OAuth2 items:

  • Resource Server: My REST API server
  • Authorization Server: Azure Active Directory
  • Client: Postman
  • Resource Owner: me

I've been trying to configure AD using this blog post, but then it goes straight to configuring a front-end application. In the blog post, the author configured a front-end application, but during development the front end is not yet ready, so I will be using Postman.

And when I tried using Postman's Get New Access Token functionality (grant type is Authorization Code with PKCE), it fails with the error: AADSTS9002327: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests

Any thoughts on how I can properly test this? What am I doing wrong?

Robby F

1 Answer


Please refer to this cogent article on testing Azure AD protected Springboot API: Securing a RESTful API using Spring Boot and Microsoft’s Azure Active Directory.

Here are some screenshots for quick reference on setting up Postman:

(screenshots of the Postman authorization setup, not reproduced here)

Harshita Singh
  • This works with Postman, but this is an implicit grant. Will this configuration work with a single page app using the authorization code flow with PKCE? – Robby F Nov 11 '20 at 05:48
  • Yes, it is the same. Check this out: https://blogs.aaddevsup.xyz/2020/08/performing-azure-ad-oauth2-authorization-code-grant-flow-with-pkce-in-postman/ – Harshita Singh Nov 11 '20 at 07:05
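The exchange Postman was configured for, written out as an added example (this is not code from the question, the answer, or either linked article): a Python script that performs the authorization-code-with-PKCE flow against the Azure AD v2.0 endpoints, so the API can be exercised before the front end exists. The verifier and challenge follow RFC 7636 (S256), the authorize URL carries only the challenge, the redirect is checked against the state value, and the code is redeemed at the token endpoint. The error in the question says a 'Single-Page Application' client may redeem its code only via a cross-origin request; in practice that means the token POST must carry an Origin header, which the script adds when spa_registration is set (registering the same redirect URI under the Web or Mobile and desktop platform instead removes that requirement). TENANT_ID, CLIENT_ID, REDIRECT_URI and SCOPE are assumed placeholders to replace with your own app registration values.

```python
"""Authorization code + PKCE against Azure AD v2.0, as an added example.

TENANT_ID, CLIENT_ID, REDIRECT_URI and SCOPE are assumed placeholders, not values from the thread.
"""
import base64
import hashlib
import json
import secrets
import urllib.parse
import urllib.request

TENANT_ID = "common"                                                # assumed: use your tenant ID
CLIENT_ID = "00000000-0000-0000-0000-000000000000"                  # assumed placeholder app (client) ID
REDIRECT_URI = "http://localhost:3000"                              # assumed; must match the registration exactly
SCOPE = "api://00000000-0000-0000-0000-000000000000/access_as_user"  # assumed scope exposed by the API
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0"


def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 code_verifier: 43..128 unreserved characters from a CSPRNG (32 bytes -> 43 chars)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA-256(verifier)) with the '=' padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(verifier: str, state: str, client_id: str = CLIENT_ID,
                        redirect_uri: str = REDIRECT_URI, scope: str = SCOPE) -> str:
    """URL the resource owner opens in a browser; only the challenge travels here, never the verifier."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/authorize?" + urllib.parse.urlencode(params)


def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Pull the code out of the redirect URL, refusing it when state does not match (CSRF guard)."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: this response is not for our request")
    if "error" in query:
        raise RuntimeError(f"{query['error'][0]}: {query.get('error_description', [''])[0]}")
    return query["code"][0]


def build_token_request(code: str, verifier: str, spa_registration: bool,
                        client_id: str = CLIENT_ID, redirect_uri: str = REDIRECT_URI,
                        scope: str = SCOPE) -> tuple[str, dict, dict]:
    """Return (url, headers, form) for redeeming the code at the v2.0 token endpoint.

    A redirect URI registered under the 'Single-page application' platform may only be
    redeemed via a cross-origin request (the AADSTS9002327 condition), i.e. the POST must
    carry an Origin header; a plain POST without one is rejected.
    """
    form = {
        "client_id": client_id,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": verifier,
        "scope": scope,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if spa_registration:
        parts = urllib.parse.urlsplit(redirect_uri)
        headers["Origin"] = f"{parts.scheme}://{parts.netloc}"
    return f"{AUTHORITY}/token", headers, form


def redeem_code(code: str, verifier: str, spa_registration: bool) -> dict:
    """Perform the token request (network call; needs a real tenant, client ID and fresh code)."""
    url, headers, form = build_token_request(code, verifier, spa_registration)
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    verifier = make_code_verifier()
    state = secrets.token_urlsafe(16)
    print("1. Open this in a browser and sign in:\n  ", build_authorize_url(verifier, state))
    pasted = input("2. Paste the full redirect URL you landed on: ").strip()
    code = parse_redirect(pasted, state)
    tokens = redeem_code(code, verifier, spa_registration=True)
    print("3. access_token (send as 'Authorization: Bearer ...' to the REST API):")
    print("  ", tokens["access_token"][:40] + "...")
```

Run it, sign in at the printed URL, and paste the redirect URL back; the returned access_token is what Postman would put in the Authorization header when calling the API. The same Origin header trick applies if the token request is built by hand in Postman or curl against a SPA-type registration.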