Postman Get Azure Synapse Bearer Token

Question

I am trying to get a Azure Synapse Bearer Token using Postman. I've followed this Postman link/video and have successfully called:

Azure Management Rest API: https://management.azure.com/subscriptions/{{subscriptionId}}/resourcegroups?api-version=2020-09-01

Per Microsoft documentation and PowerShell, I have successfully obtained a Synapse Bearer Token and called:

https://mysynapseworkspace.dev.azuresynapse.net/pipelines?api-version=2020-12-01

PowerShell: NOTE: The Endpoint is https://dev.azuresynapse.net/ Create Azure APP Service Principal

az login --service-principal --username "appid" --password "pasword" --tenant "tenantid"

az account get-access-token --resource https://dev.azuresynapse.net/

In the Postman link example, the Pre-request-Script

pm.test("Check for collectionVariables", function () {
let vars = ['clientId', 'clientSecret', 'tenantId', 'subscriptionId'];
vars.forEach(function (item, index, array) {
    console.log(item, index);
    pm.expect(pm.collectionVariables.get(item), item + " variable not set").to.not.be.undefined;
    pm.expect(pm.collectionVariables.get(item), item + " variable not set").to.not.be.empty; 
});

if (!pm.collectionVariables.get("bearerToken") || Date.now() > new Date(pm.collectionVariables.get("bearerTokenExpiresOn") * 1000)) {
    pm.sendRequest({
        url: 'https://login.microsoftonline.com/' + pm.collectionVariables.get("tenantId") + '/oauth2/token',
        method: 'POST',
        header: 'Content-Type: application/x-www-form-urlencoded',
        body: {
            mode: 'urlencoded',
            urlencoded: [
                { key: "grant_type", value: "client_credentials", disabled: false },
                { key: "client_id", value: pm.collectionVariables.get("clientId"), disabled: false },
                { key: "client_secret", value: pm.collectionVariables.get("clientSecret"), disabled: false },
                { key: "resource", value: pm.collectionVariables.get("resource") || "https://management.azure.com/", disabled: false }
            ]
        }
    }, function (err, res) {
        if (err) {
            console.log(err);
        } else {
            let resJson = res.json();
            pm.collectionVariables.set("bearerTokenExpiresOn", resJson.expires_on);
            pm.collectionVariables.set("bearerToken", resJson.access_token);
        }
    });
}

});

I modified the Pre-Request-Script statement:

The PostMan Variable: resource = dev.azuresynapse.net

{ key: "resource", value: pm.collectionVariables.get("resource") || "https://dev.azuresynapse.net/", disabled: false }

Post Failed:

{
"code": "AuthenticationFailed",
"message": "Token Authentication failed - IDX12741: JWT: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' must have three segments (JWS) or five segments (JWE)."

}

What is the problem? Thx

Answer 1

I try to reproduce same thing in my environment and got below result:

PowerShell with Bearer Token:

Shell Script:

$applicationID = '4381xxxxxxxxxxxfa606b3edf' 
$clientSecret = '4KI8Qxxxxxxxxxxxxxxxx6sQcKw'
$tenantId = 'fb134080xxxxxxxxxxxxx3a0c218f3b0'          
$url = "https://login.microsoftonline.com/$tenantId/oauth2/token" 
$resource = "https://graph.microsoft.com/" 
$restbody = @{
        grant_type = 'client_credentials' 
        client_id = $applicationID 
        client_secret = $clientSecret 
        resource = $resource 
} 
# Get the return Auth Token 
$token = Invoke-RestMethod -Method POST -Uri $url -Body $restbody Write-Host "Authenticated - token retrieved of type " $($token.token_type)
$token

Or

I generated Bearer token via postman with below parameters:

POST
https://login.microsoftonline.com/fb1380-e4d2-xxxxx-f3a0c218f3b0/oauth2/v2.0/token
  
client_id:4KIxxxxxx2CS2UasSu9zTXhrMNQy6sQcKw  
scope:https://management.azure.com/.default 
client_secret: 4KI8Q~7xxxxxxxxxzTXhrMNQy6sQcKw
grant_type:client_credentials

Response: