By spottedmahn


2017-11-13 23:11:52 8 Comments

How can I request an Access Token in Postman against an Azure AD B2C tenant?

new access token screenshot


I tried taking the url from Run Now in the Azure portal and putting that in the Auth Url but that produces the following error:

b2c error


Update

Following Chris's answer, I'm now past the above error. I'm able to sign-in but still can't get an access token:

AADB2C90085: The service has encountered an internal error. Please reauthenticate and try again. Correlation ID: 45c56d47-4739-465f-8e02-49ba5b3a1b86 Timestamp: 2017-11-16 15:27:52Z

4 comments

@spottedmahn 2017-11-30 00:30:17

Using @Chris Padgett's answer, I was able to get it working using the Implicit Grant Type (couldn't get it working w/ Authorization Code Gran Type).


Grant Type: Implicit

Callback URL: any URL defined in my B2C app

Auth URL: https://login.microsoftonline.com/te/{tenant}/{policy}/oauth2/v2.0/authorize

Client ID: Application ID from my B2C app

Scope: https://{tenant}.onmicrosoft.com/{web api app id uri}/{scope name}

Client Authentication: Either one, it didn't matter


Update

Microsoft has documented the process now! Use Postman to get a token and test the API.

@pcdev 2018-02-14 04:26:29

Hey, I just wanted to say thanks for documenting all the hard yards with this B2C stuff - everywhere I look for answers I see spottedmahn has already asked the question, done the research and got an answer, usually with success! It's been very useful, far better than trying to figure out Microsoft's (usually) out of date docs on the subject. Kudos.

@spottedmahn 2018-03-09 14:50:05

Hey @pcdev - you're welcome! It takes a community, right! BTW, I tried looking for you on Twitter as not bloat the SO comments. Your comment made my day! Thanks!!

@ubienewbie 2018-03-15 14:28:00

Has anyone got this working where the API that you're trying to test with Postman is server up by Azure functions? I've got the spottedmahn/microsoft approach working for an aspnet MVC app but it's not working an Azure Function App which uses same azure b2c tenant. I'm going to post a separate question for that ....

@spottedmahn 2018-12-07 21:41:28

Hi @ubienewbie - did you post that follow question? If so, can you share the link? Thanks

@ubienewbie 2018-12-07 23:49:18

@becke-ch 2019-01-11 08:17:20

But wanted to mention that I've opened 2 documentation issues @MS related to that: "Documentation "Azure Active Directory B2C: OAuth 2.0 authorization code flow" not in sync with "Use Postman to get a token and test the API"" - github.com/aspnet/Docs/issues/10335 - github.com/MicrosoftDocs/azure-docs/issues/22164 Furthermore I've recorded an issue regarding "B2C quick-start/tutorial implementation not correct aligned with Set redirect URLs to b2clogin.com for Azure Active Directory B2C" - github.com/Azure-Samples/… -

@becke-ch 2019-01-11 09:12:37

I could get B2C Request Access Token in Postman working for both grant types: grant_type=implicit and as well grant_type=authorization_code. I've opened accordingly an issue regarding the MS documentation:

The following changes were necessary:

The only differences between grant_type=implicit and grant_type=authorization_code are that grant_type=authorization_code needs some more parameters as follows:

  • Access Token (access token request) URL: https://login.microsoftonline.com/"tenant-name".onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_"name-of-your-signup-signin-flow"

  • client_secret: generate a key for your application: Azure Portal -> Azure AD B2C -> Applications -> -> Keys -> Generate Key

@Anananasu 2018-11-08 13:06:48

I just want to add some extra information for prosperity since I have recently spent way too long trying to resolve an issue relating to the error AADB2C90085 and this question is one of the few results on Google.

Update

Following Chris's answer, I'm now past the above error. I'm able to sign-in but still can't get an access token:

AADB2C90085: The service has encountered an internal error. Please reauthenticate and try again. Correlation ID: 45c56d47-4739-465f-8e02-49ba5b3a1b86 Timestamp: 2017-11-16 15:27:52Z

And:

Using @Chris Padgett's answer, I was able to get it working using the Implicit Grant Type (couldn't get it working w/ Authorization Code Gran Type).

I received this error when using authorization code flow because my B2C_1A_TokenSigningKeyContainer and B2C_1A_TokenEncryptionKeyContainer were incorrectly generated. Once I followed the guide at Get started with custom policies in Azure Active Directory B2C the error stopped occurring.

Relevant excerpt from the link:

Create the signing key

  1. Select Policy Keys and then select Add.
  2. For Options, choose Generate.
  3. In Name, enter TokenSigningKeyContainer. The prefix B2C_1A_ might be added automatically.
  4. For Key type, select RSA.
  5. For Key usage, select Signature.
  6. Click Create.

Create the encryption key

  1. Select Policy Keys and then select Add.
  2. For Options, choose Generate.
  3. In Name, enter TokenEncryptionKeyContainer. The prefix B2C_1A_ might be added automatically.
  4. For Key type, select RSA.
  5. For Key usage, select Encryption.
  6. Click Create.

@Chris Padgett 2017-11-13 23:35:41

For the Auth URL field, you only have to enter the authorization endpoint URL without the query string parameters:

https://login.microsoftonline.com/te/{tenant}/{policy}/oauth2/v2.0/authorize

For the Access Token URL field:

https://login.microsoftonline.com/te/{tenant}/{policy}/oauth2/v2.0/token

For the Callback URL field, you must enter a reply URL that is registered with the Azure AD B2C application, such as:

https://www.getpostman.com/oauth2/callback

For the Scope field, enter "openid" as well as any API access scopes.

For the Client Authentication field, select "Send client credentials in body".

@spottedmahn 2017-11-14 14:59:37

I'm getting The redirect URI '/' provided in the request is not registered for the client id '60a724bd-a41b-4387-806b.....

@Chris Padgett 2017-11-15 21:01:44

I've updated the above answer with example of a callback URL that must also be registered with the Azure AD B2C application.

@spottedmahn 2017-11-16 16:09:46

thanks Chris but still no luck. I've tried the above callback and jwt.ms but I get an internal error. I've updated my question.

@Chris Padgett 2017-11-16 21:31:07

Can you please replace the screen shot removing any secret values?

@spottedmahn 2017-11-17 13:16:56

Sure thing. I've been using a client's tenant. Let me try against my personal one so I can share everything.

Related Questions

Sponsored Content

1 Answered Questions

[SOLVED] How to get an error log in Azure AD B2C tenant with correlation ID?

1 Answered Questions

Azure B2C Postman OAuth 2.0 - Implicit Grant - invalid_request

1 Answered Questions

[SOLVED] Multi-Tenant Azure AD Auth in Azure AD B2C with Custom Policies

  • 2017-06-13 15:43:12
  • Montel Edwards
  • 1135 View
  • 2 Score
  • 1 Answer
  • Tags:   azure-ad-b2c

0 Answered Questions

Azure B2C Blade in Azure Portal Missing

  • 2018-06-16 18:15:25
  • Sql Surfer
  • 118 View
  • 1 Score
  • 0 Answer
  • Tags:   azure azure-ad-b2c

1 Answered Questions

1 Answered Questions

[SOLVED] Configure external Azure AD in Azure B2C tenant

2 Answered Questions

[SOLVED] Azure AD B2C Token Issue

4 Answered Questions

[SOLVED] azure active directory & postman

1 Answered Questions

Azure AD Internal and B2C Logon for Single Web App?

1 Answered Questions

[SOLVED] Getting users from Azure AD B2C: not supported for this API version

  • 2016-07-15 14:38:14
  • dumbledad
  • 533 View
  • 1 Score
  • 1 Answer
  • Tags:   azure-ad-b2c

Sponsored Content