I have a REST API that is secured by AAD B2C access tokens. I now want to add webtests that can be used in load testing the API.
I am struggling to acquire a valid access token for my test users from AAD B2C. I'm thinking of somehow getting a token as a response from a REST API call to AAD B2C.
Looking in that direction on the net, I have found a number of pages that point me to this rather undocumented endpoint:
https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/token?p={policy}
where I need to provide a number of parameters. So far I have found:
- client_id
- client_secret
- scope
- grant_type
When I now add:
- grant_type=password
- username
- password
I thought that when POSTing to that I would get a token from AAD, but instead I get a service-side exception:
{
"error": "server_error",
"error_description": "AADB2C: An exception has occurred.\r\nCorrelation ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\r\nTimestamp: 2018-11-07 16:27:10Z\r\n"
}
Questions
- Is the approach correct?
- Is there a better way to acquire an access token for a webtest?
- Is the POST request malformed in any way?
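
An added example, not part of the original post: a small Python helper for a load-test harness that builds the request described above, redacts the secrets before the body is logged, and pulls the correlation ID and timestamp out of an error response like the one quoted. It assumes the parameters are sent as a form-encoded body (as RFC 6749 specifies for token endpoints); the function names and sample values are hypothetical.

```python
import json
import re
from urllib.parse import urlencode

# URL template exactly as quoted in the question.
TOKEN_URL = "https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/token?p={policy}"

def build_token_request(tenant, policy, client_id, client_secret, scope, username, password):
    """Return (url, headers, body) for the password-grant POST from the question."""
    url = TOKEN_URL.format(tenant=tenant, policy=policy)
    # Assumption: parameters travel in a form-encoded body, not the query string.
    body = urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
        "username": username,
        "password": password,
    })
    return url, {"Content-Type": "application/x-www-form-urlencoded"}, body

def redact(body):
    """Mask secret values so the request body can be written to load-test logs."""
    # Match only whole keys (start of string or after '&'), so the value of
    # grant_type=password is left alone.
    return re.sub(r"(?<![^&])(client_secret|password)=[^&]*", r"\1=***", body)

def parse_token_response(raw):
    """Classify a token response; on error, extract the fields needed for triage."""
    doc = json.loads(raw)
    if "access_token" in doc:
        return {"ok": True, "access_token": doc["access_token"]}
    desc = doc.get("error_description", "")
    corr = re.search(r"Correlation ID:\s*([0-9A-Za-z-]+)", desc)
    ts = re.search(r"Timestamp:\s*([0-9-]+ [0-9:]+Z)", desc)
    return {"ok": False, "error": doc.get("error"),
            "correlation_id": corr.group(1) if corr else None,
            "timestamp": ts.group(1) if ts else None}

# The error body from the question (its correlation ID is already masked there).
SAMPLE_ERROR = ('{"error": "server_error", "error_description": "AADB2C: An exception has '
                'occurred.\\r\\nCorrelation ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\r\\n'
                'Timestamp: 2018-11-07 16:27:10Z\\r\\n"}')

if __name__ == "__main__":
    print(parse_token_response(SAMPLE_ERROR))
```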