Request Azure OAuth 2.0 Access Token from Azure Active Directory using Postman, Python Script, PowerShell Script.
Prerequisite: Make sure you have all the mandatory details before proceeding with the access token request. You must have valid details like “Client ID”, “Client Secret” and “Scope” to generate token from Azure Active Directory.
#1. Get Azure OAuth 2.0 access Token using Postman with 'x-www-form-urlencoded' option.
Follow the same steps and set the variables as defined in Postman Sample below.
- Step 1:-
- Past the token URL in the URL section and replace your DirectoryID or TenantID with the URL.
- Example: "https://login.microsoftonline.com/36h4ug5ug62ov464ufvo53529r8c2/oauth2/v2.0/token"
- Step 2:-
- Select the 'body' option and.
- Then click on the 'x-www-form-urlencoded' option.
- Step 3:-
- Add all the Keys such as client_id, client_Secret, scope, grant_type along with its values.
- Example: Reference is given below, please check it.
- Stetp 4:- Click on Send Button and you will get Access Token if you have configured everything properly.
- If you are facing any issue or difficulty while generating token please comment below and share your issue.
Postman Sample: Configure all Postman settings as given below.
Get | https://login.microsoftonline.com/{DirectoryID or TenantID} /oauth2/v2.0/token |
Send | ||||
---|---|---|---|---|---|---|
Params | Authorization | Headers (8) | Body . | Scripts | Tests | Settings |
none | form-data | x-www-form-urlencoded | raw | binary | GraphQL |
Key | Value | Description | |
---|---|---|---|
grant_type | client_credentials | ||
client_secret | g6hd9dAsCGHtk5477GVJHghGduVVh78GHcSSjvJGD | ||
scope | <replace_your_scope> /.default |
||
client_id | 195a05a8-89l1-3pd0-j6r8-b214fcb52755 | ||
Key | Value | Description |
The "scope" value looks like:-
Sample 1. 'https://drz78loa1.dvm2.dynamics.com/.default'
Sample 2: 'api://hP68sSw3-6ml1-5Q6n-4qZd-m784gfr90q12/.default'
If you are unsure about the scope please contact whoever setup the APP in Azure.
According to Microsoft-
Difference in /{DirectoryID or TenantID}/
, A tenant is a dedicated and isolated instance of Azure AD/Entra ID, while a directory is a container for objects such as users, groups, and applications. You will get this ID from the person who setup the APP in Azure.
According to Microsoft-
Scope: The scope /<replace_your_scope>/
refers to the scope of the authorization (permission) being requested by and/or granted to an application. Scope gives your app access to resources on behalf of the user for an extended time. You will get scope details from the person who setup the APP in Azure.
#2. Get Azure OAuth 2.0 access Token using Postman with 'form-data' option.
Setup the following settings and parameters to generating the OAuth 2.0 Token using Postman.
Get | https://login.microsoftonline.com/{DirectoryID or Tenat}/oauth2/v2.0/token | Send | ||||
---|---|---|---|---|---|---|
Params | Authorization | Headers (8) | Body | Scripts | Tests | Settings |
none | form-data | x-www-form-urlencoded | raw | binary | GraphQL |
Key | Value | Description | |
---|---|---|---|
grant_type | client_credentials | ||
client_secret | g6hd9dAsCGHtk5477GVJHghGduVVh78GHcSSjvJGD | ||
scope | <replace_your_scope>/.default | ||
client_id | 195a05a8-89l1-3pd0-j6r8-b214fcb52755 | ||
Key | Value | Description |
#3. Get Azure OAuth 2.0 access Token using PowerShell Script.
Important Instruction: Save the below PowerShell script in your directory with any name. As you can see, I have selected "Downloads" directory and named the file as "get_token.ps1".
#******************************************************************************************************************************************************# Invoke-RestMethod ` -Uri "https://login.microsoftonline.com/<DirectoryID or TenantID>/oauth2/v2.0/token" ` -Method Post ` -Body @{ "grant_type" = "client_credentials"; "client_id" = "195a05a8-89l1-3pd0-j6r8-b214fcb52755"; "client_secret" = "g6hd9dAsCGHtk5477GVJHghGduVVh78GHcSSjvJGD"; "scope" = "<replace_your_scope>/.default" }
# Output:- #Open the PowerShell and type the following commands. PS C\Lourk_Dutch> PS C\Lourk_Dutch> # This command prints the result in the Shell. PS C\Lourk_Dutch> .\Downloads\get_token.ps1 | Format-List token_type : Bearer expires_in : 3599 ext_expires_in : 3599 access_token : 6IjAuQVVVQWpTcnlqVk9SblVpVkRLSU16TFpXSUcwSmFtZlJNOVZOaG8C1iMjE0ZmNiNTI3NTUiLCJpc3MiOiJodHRwczovL2xvZ2luLm mMjJhOGQtOTE1My00ODlkLTk1MGMtYTIwY2NjYjY1NjIwL3YyLjAiLCJpYXQiOjE3MjA5NDY2MzYsIm5iZiI6MTcyMDk0NjYzNiwiZ XhwIjoxNzIwOTUwNTM2LCJhaW8iOiZQeTFKMVZGQUFBLiIsInN1YiI6IjBkYzhmMzEyLWRkODMtNDExMC1iOWQyLT PS C\Lourk_Dutch> PS C\Lourk_Dutch> # This command will save the output to a .txt file and the results will not be printed in the shell. PS C\Lourk_Dutch> .\Downloads\get_token.ps1 | Format-List > C:\Users\Lourk_Dutch\Downloads\result.txt
#4. Get Azure OAuth 2.0 access Token using Python script with HTTP Request package.
import requests url = "https://login.microsoftonline.com/<DirectoryID or TenantID>/oauth2/v2.0/token" client_id = "195a05a8-89l1-3pd0-j6r8-b214fcb52755" client_secret = "g6hd9dAsCGHtk5477GVJHghGduVVh78GHcSSjvJGD" response = requests.post(url, data={"grant_type": "client_credentials", "scope":"<replace_your_scope>/.default"}, auth=(client_id, client_secret), ) print("Status Code: ",response.status_code) list(map(lambda x : print(x,":", response.json()[x]) ,response.json())) print()