I am currently using this example:
To check the Client Credentials Flow with OAuth in Azure AD. Theoretically the example works OK. Client App successfully communicates with the server App, obtaining first the OAuth Token from Azure AD token url. No problems there. However, I am trying to use Postman to check the Client Credentials Flow and I cannot get it to work.
In Postman, I should provide an Access Token Url, a Client ID and a Client Secret, Grant Type is set to Client Credentials. Using the same parameters as in the example provided by Microsoft's sample in https://github.com/Azure-Samples/active-directory-dotnet-daemon, I get a 401 response when trying to access the web service. I think the main reason is because in Postman, I cannot type the resource I want to access, so the received token is not "linked" to any resource and that is why the authorization fails in the web server? Could this be the reason? If that is the reason, then what should I do in the server, because, somehow it seems as if Postman's requirements should be the ones valid in the Client Credentials Flow (I mean, no resource should be given, according to the OAuth2 Client Credentials Flow, right?)
This is the code for the Startup class in the sample downloaded from Microsoft's example:
    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Audience = ConfigurationManager.AppSettings["ida:Audience"],
                Tenant = ConfigurationManager.AppSettings["ida:Tenant"]
            });
    }
ConfigurationManager.AppSettings["ida:Tenant"] is my Azure AD tenant, while ConfigurationManager.AppSettings["ida:Audience"] is the protected resource I need to access. Both values are required; if I do not provide the Audience, I get an error in .NET web API initialization.
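
One way to test the hypothesis in the question, as an added example that is not part of the original post or of Microsoft's sample: decode the access token Postman received and compare its `aud` claim with the value configured as `ida:Audience`, since the bearer middleware rejects a token whose audience does not match. The audience URI, client values and helper names below are constructed placeholders; `resource` is the extra form parameter the Azure AD v1 token endpoint accepts to set the audience.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed placeholder standing in for the API's ida:Audience setting.
EXPECTED_AUDIENCE = "https://contoso.example/TodoListService"


def token_request_body(client_id, client_secret, resource):
    """Form body for a client-credentials request to the Azure AD v1 token
    endpoint. `resource` is an Azure AD parameter, not part of RFC 6749."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    })


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_matches(claims, expected_audience):
    """True if the token's aud claim (string or list) contains the audience."""
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    return expected_audience in auds


def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    print(token_request_body("my-client-id", "my-secret", EXPECTED_AUDIENCE))
    for aud in (EXPECTED_AUDIENCE, "https://other.example/api"):
        claims = jwt_claims(make_sample_token({"aud": aud}))
        print(aud, "->", "accepted" if audience_matches(claims, EXPECTED_AUDIENCE) else "401")
```

Paste the real access token from Postman into `jwt_claims` to see which audience it was issued for; the decode step does not validate the token and must not be used for authorization.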