stackoom
  简体   繁体   中英

Request Access Token in Postman for Azure Function App protected by Azure AD B2C

 原文  2018-03-15 16:09:10       azure/ postman/ azure-functions/ azure-ad-b2c

Question

I have an AspNetCore 2.0 MVC web API secured by an Azure Active Directory B2C tenant. I have been able to use Postman to test the API end points by following this SO posting: Request Access Token in Postman for Azure AD B2C (in particular, the Microsoft documented steps referenced in SpottedMahn's comments: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi#use-postman-to-get-a-token-and-test-the-api )

Now, I am working on a serverless version of the above - the app is pretty much identical expect that the endpoints have been implemented by Azure functions in an Azure Functions App

The Functions App has Authentication on, Log in with Azure Active Directory and the following settings:

在此处输入图片说明

This is how i have set up the Application in the Azure B2C tenant:

在此处输入图片说明

If I access the functions endpoint via a browser, I get successfully routed to the Azure AD B2C login page and can log in, then see the results from the API endpoint. So I'm pretty confident all is good wrt the Azure AD B2C <-> Function App configuration.

However, I can't use the Request Access Token technique linked above to get a token and inspect the endpoint in Postman

If I take the token obtained after authentication (for example by using fiddler and observing the id_token being returned), and in Postman I choose Bearer authentication and supply that id_token, then Postman successfully hits my endpoint. However, if I follow the steps in the linked document above, I do get the "login" popup and then do get a valid [looking] token, but when I click Use Token and run the request, I get

You do not have permission to view this directory or page.

I'd really like to be able to request an access token from postman just like I can with my aspnetcore 2.0 app (really just for the consistency so I don't have to remember lots of different techniques). Is that possible for Azure Function Apps and if so, any clues what I'm doing wrong in the above?

1 answers

solution1
 0 ACCPTED  2018-03-15 16:24:30

Ah I stumbled upon it. I fixed it by adding the Postman API client id (note: the postman API client id, not the postman App client id) [those references will make sense in the context of the Microsoft how-to linked above], under "ALLOWED TOKEN AUDIENCES" (visible in screenshot in question above).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Configure Postman to Test Get New Access Token from Azure AD B2C How to access two separate Web APIs protected using Azure AD B2C from a web app Azure AD B2C API Access through Postman and Web app How to access API (authenticated with Azure Ad B2C token) from a Azure function? Azure AD B2C -> OAuth2 -> Azure Function App Token Exchange Is enriching an Azure AD B2C Token with extra claims using an Azure Function app possible? Generating access Token with loginRedirect in Azure AD B2C portal Azure AD B2C: AcquireTokenSilentAsync returns empty access token Azure AD B2C :: Roles claim is missing in access token Azure AD B2C Not getting Access Token
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM