1. Requesting an OAuth 2.0 Token

1.1 How to request an Access Token from Azure AD using Postman

You can use Postman to check your understanding and your endpoint URLs by having it generate a JWT token for you.

You can run a POST against https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token yourself (have a look at "Use Postman to get the Azure AD token"), or you can use the Authorization tab in Postman and configure the following steps (see screenshot below):

  1. Go to the Authorization tab

  2. Type = OAuth 2.0

  3. Add auth data to = Request Headers

  4. Grant Type = Client Credentials

  5. Access Token URL = https://login.microsoftonline.com/{Tenant ID}/oauth2/v2.0/token
    e.g. https://login.microsoftonline.com/10095597-37ec-4541-a096-7482ce839030/oauth2/v2.0/token

  6. Client ID = {Application ID (Client ID)} of your Client App Registration
    e.g. a03b9bda-7728-4dc2-b7a4-0b0f1071b1d3

  7. Client Secret = your Client secret

  8. Scope = {Backend Application ID URI}/.default
    e.g. api://64e0b58f-4652-47a3-a7eb-63a4d59f5dd7/.default

  9. Client Authentication = Send as Basic Auth header

  10. Click "Get New Access Token"

You can now copy the content of "Access Token" and validate it with a tool such as jwt.io to verify that you have the correct role assignments in the scope section for your backend.

Trying out an OAuth 2.0 API

This article will teach you various ways of requesting OAuth 2.0 tokens for your purposes.

Important: If you are missing any of these values please refer to the getting started with OAuth 2.0 article!

1.2 How to request an Access Token from Azure AD using Python

This Python script will request an OAuth 2.0 Access Token for you:

import requests

# Set credentials and URL
client_id = ''      # Application ID (Client ID) of your Client App Registration
client_secret = ''  # Client secret of your Client App Registration
scope = ''          # {Backend Application ID URI}/.default
token_endpoint = 'https://login.microsoftonline.com/10095597-37ec-4541-a096-7482ce839030/oauth2/v2.0/token'

# Send a request to the token endpoint to get an access token
response = requests.post(token_endpoint, data={
    'grant_type': 'client_credentials',
    'client_id': client_id,
    'client_secret': client_secret,
    'scope': scope
}, timeout=10)

# Stop with the HTTP error if the token endpoint rejected the request
response.raise_for_status()

# Get the access token from the response
access_token = response.json()['access_token']
print(access_token)
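
The claim check described in 1.1 can also be done locally on the token that Postman or the script above returns. The following is an added example, not part of the original article: it decodes the JWT payload and reports whether the audience, role and expiry are what the backend expects. It assumes the token carries the `aud`, `roles` and `exp` claims; the role name `Orders.Read`, the function names and the sample token are constructed for illustration.

```python
import base64
import json
import time

# Constructed sample values; the role name is hypothetical.
SAMPLE_AUD = "api://64e0b58f-4652-47a3-a7eb-63a4d59f5dd7"
SAMPLE_ROLE = "Orders.Read"


def decode_segment(segment):
    """Base64url-decode one JWT segment (JWTs strip the '=' padding)."""
    padded = segment + "=" * (-len(segment) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("segment is not a JSON object")
    return claims


def inspect_token(token, expected_aud, required_role, now=None):
    """Return problems found in the claims ([] = fine). Signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT (header.payload.signature)"]
    try:
        claims = decode_segment(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return ["payload is not base64url-encoded JSON"]
    problems = []
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud is {aud!r}, expected {expected_aud!r}")
    if required_role not in claims.get("roles", []):
        problems.append(f"role {required_role!r} missing from roles claim")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("exp is missing or in the past")
    return problems


def make_sample(claims):
    """Build an unsigned token with a dummy signature (constructed test input)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    token = make_sample({"aud": SAMPLE_AUD, "roles": [SAMPLE_ROLE], "exp": 4102444800})
    print(inspect_token(token, SAMPLE_AUD, SAMPLE_ROLE) or "claims look right")
```

To check a real token, pass the `access_token` value to `inspect_token` together with the audience and role your backend expects.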

2. Trying out an OAuth 2.0 protected API with Postman

This article will provide you with step-by-step instructions to try out a sample API that is secured with OAuth 2.0.

Important: Please review the "getting started with our APIs" and "getting started with OAuth 2.0" articles.

1. Install Postman

  • To download and install Postman properly please refer to this article by the Postman team.

2. Download the OauthTest Postman collection

  • We have already prepared a sample API that you can freely try out. Click here to download the pre-configured Postman collection for this API.

3. Import the collection to Postman

  • Start Postman and have the collection ready.

  • To import the collection you just downloaded, simply drag and drop the file anywhere into Postman.

4. Trying out the API with Postman

  • Navigate to the operation you want to try out in the Postman collection.

  • Go to the Headers tab in the operation section.

  • Set the Authorization header's value to "Bearer {your OAuth 2.0 token}". You can learn how to create a token in the steps above.

  • Click the blue Try button to send your request.


Trying out your request with an exemplary OAuth 2.0 authorization header.