2
votes

I am working on an Azure Function API that is protected by Azure AD. It works fine when I request it from the browser once I have logged in with a valid account, but when I try it with Postman it still shows unauthorized access.

I have got an access token to send with the request, but for the scope property I have given this value, https://graph.microsoft.com/.default, which I think might be the problem. But I'm not sure what I am doing wrong and what to put in the scope field of the "Get New Access Token" option in Postman to authenticate to my API.

HTTP request Postman is making:

GET /api/events/active HTTP/1.1
Host: moya-backend-ascentic.azurewebsites.net
Authorization: Bearer ****IHqMgweN86fDnyL4jvz9P6ZllpjjD9t***
User-Agent: PostmanRuntime/7.13.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 655e0672-4928-409e-a709-841a92ee6f14,22cbf978-f196-4099-ae10-d162d3068507
Host: moya-backend-ascentic.azurewebsites.net
accept-encoding: gzip, deflate
Connection: keep-alive
cache-control: no-cache
Comments:

Please share your request sample. - Md Farid Uddin Kiron
If I am not wrong, you are asking about the HTTP request, right? I just updated the post. - gokublack
Yeah, the HTTP request. You were right. - Md Farid Uddin Kiron
How did you get the token? Pasting your request here will be helpful to solve your issue. - Tony Ju

2 Answers

1
votes

The scope should be: your-api-client-id/.default. Replace your-api-client-id with the client ID/application ID of your API app in Azure AD.

Now, since browser-based login seems to be working, you may have set up the wrong kind of authentication on the API. If the token still doesn't work, you'll need to set up JWT authentication on the app instead of browser/cookie-based authentication.

1
votes

If you are using the v2.0 endpoint, the scope should be {your_client_id}/.default, just like @juunas said.


If you are using the v1.0 endpoint, you only need the resource parameter. The resource should be {your_client_id}.


Note: If you are using the 'get new access token' function in postman, the Access Token URL should be https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
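Both answers come down to the same point: the token has to be issued for the API (its aud claim must name the API's client ID or api:// URI), which you select with scope={client_id}/.default on the v2.0 endpoint or resource={client_id} on the v1.0 endpoint. A token requested with https://graph.microsoft.com/.default is a valid token, but for Microsoft Graph, so Easy Auth on the Function App rejects it. The script below is an added example, not code from the question or either answer, and not the official Azure sample. It builds the token request for either endpoint version, then decodes the returned token's payload (without verifying the signature; the API does that) to confirm the audience before calling the API. It uses the client-credentials grant with a client secret rather than Postman's interactive authorization-code flow, and the tenant, client IDs, secret and allowed-audience values are placeholders; the JWTs used for the offline check are constructed here and unsigned.

```python
"""Get an Azure AD token for an Easy Auth-protected Function API and
check that the token was actually issued for the API before sending it.
Added example; tenant, client IDs and secret below are placeholders."""
import base64
import json
import urllib.parse
import urllib.request

# Assumed identifiers (hypothetical values for this example only).
TENANT = "contoso.onmicrosoft.com"
API_CLIENT_ID = "11111111-2222-3333-4444-555555555555"    # app registration of the Function API
CALLER_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # app registration of the caller
CALLER_SECRET = "<client-secret>"                          # never commit a real one
API_URL = "https://moya-backend-ascentic.azurewebsites.net/api/events/active"


def token_request(tenant, caller_id, caller_secret, api_client_id, version="v2.0"):
    """Return (token_url, form_fields) for a client-credentials token request.

    v2.0 selects the audience with  scope=<api_client_id>/.default
    v1.0 selects the audience with  resource=<api_client_id>
    Using https://graph.microsoft.com/.default here would mint a token
    for Graph, which the Function API will reject as unauthorized.
    """
    fields = {
        "grant_type": "client_credentials",
        "client_id": caller_id,
        "client_secret": caller_secret,
    }
    if version == "v2.0":
        url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
        fields["scope"] = f"{api_client_id}/.default"
    elif version == "v1.0":
        url = f"https://login.microsoftonline.com/{tenant}/oauth2/token"
        fields["resource"] = api_client_id
    else:
        raise ValueError("version must be 'v1.0' or 'v2.0'")
    return url, fields


def _b64url_decode(segment):
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def jwt_claims(token):
    """Return the payload claims of a compact JWT WITHOUT verifying the
    signature. Client-side inspection only; the API validates the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def audience_matches(token, api_client_id, extra_audiences=()):
    """True if the token's aud claim names the API: its client ID, its
    api://<client-id> App ID URI, or an explicitly allowed audience.
    Per RFC 7519 the aud claim may be a string or a list."""
    aud = jwt_claims(token).get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    allowed = {api_client_id, f"api://{api_client_id}", *extra_audiences}
    return any(a in allowed for a in aud)


def fetch_token(version="v2.0"):
    """Perform the token request (needs network access and real credentials)."""
    url, fields = token_request(TENANT, CALLER_CLIENT_ID, CALLER_SECRET, API_CLIENT_ID, version)
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def call_api(token):
    """Call the Function API with the bearer token; returns (status, body)."""
    req = urllib.request.Request(API_URL, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.read().decode()


def unsigned_jwt(claims):
    """Constructed, unsigned JWT used only to exercise the checks offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    token = fetch_token("v2.0")
    if not audience_matches(token, API_CLIENT_ID):
        raise SystemExit(f"token aud is {jwt_claims(token).get('aud')!r}, not the API; fix the scope")
    print(call_api(token))
```

The audience check is the quick diagnosis for the situation in the question: paste the token Postman obtained into jwt_claims() and, if aud reads https://graph.microsoft.com (or 00000003-0000-0000-c000-000000000000), the scope was wrong and no amount of fiddling with the request headers will help. If the caller is a separate app registration rather than the API itself, it also needs permission to request a token for the API.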