0
votes

I'm using Azure B2C to protect two web services. I am using Postman to test the two web services and I've configured Postman's app using this link:

https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi?view=aspnetcore-2.2#use-postman-to-get-a-token-and-test-the-api

Eventually I got everything working correctly. I can use Postman to request a token and then call the web services.

I have two scopes that I want to retrieve in the token:

https://myorg.onmicrosoft.com/appone/user_impersonation
https://myorg.onmicrosoft.com/apptwo/user_impersonation

I can request a token for each scope individually and confirm that it is working, but I get an error when I specify the scopes separated by a space in Postman. Is there a limitation on the token or am I requesting this incorrectly?

1
It should not throw an error, and you need to use only spaces in the scope. Try putting the scopes side by side in Notepad first, separated by a space, then copy them and paste them into Postman. – Ramakrishna

1 Answer

4
votes

Tokens with multiple applications in the audience (multi-audience tokens) are not supported. You can logically think of these as a single application and honor different scopes for each API. The application can request a token with scopes for one or both applications depending on the need.
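
The following is an added example, not code from the answer or from Microsoft: it groups a space-separated scope string by the application each scope belongs to, so a client can see when a request would need a multi-audience token and issue one request per API instead. The function names are hypothetical, and the `https://myorg.onmicrosoft.com/api/...` scopes in the demo are constructed to illustrate the single-application layout the answer suggests.

```python
from urllib.parse import urlsplit

# OpenID Connect scopes are not tied to an API and can accompany any request.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def split_scope(scope):
    """Return (resource, permission); resource is None for OIDC scopes."""
    if scope in OIDC_SCOPES:
        return None, scope
    parts = urlsplit(scope)
    resource, _, permission = scope.rpartition("/")
    # A resource scope is "<App ID URI>/<permission>".
    if not parts.scheme or not parts.netloc or not permission:
        raise ValueError(f"not a resource scope: {scope!r}")
    return resource, permission


def plan_token_requests(requested):
    """Map each resource (token audience) to the scope string for its own request."""
    by_resource, oidc = {}, []
    for scope in requested.split():
        resource, _ = split_scope(scope)
        bucket = oidc if resource is None else by_resource.setdefault(resource, [])
        if scope not in bucket:
            bucket.append(scope)
    return {res: " ".join(scopes + oidc) for res, scopes in by_resource.items()}


def is_multi_audience(requested):
    """True when the scopes span more than one application."""
    return len(plan_token_requests(requested)) > 1


if __name__ == "__main__":
    # The two scopes from the question: two applications, so two requests.
    two_apps = ("https://myorg.onmicrosoft.com/appone/user_impersonation "
                "https://myorg.onmicrosoft.com/apptwo/user_impersonation")
    # Constructed: one application exposing a scope per API.
    one_app = ("https://myorg.onmicrosoft.com/api/appone.read "
               "https://myorg.onmicrosoft.com/api/apptwo.read")
    for requested in (two_apps, one_app):
        print("multi-audience:", is_multi_audience(requested))
        for resource, scopes in plan_token_requests(requested).items():
            print("  request for", resource, "->", scopes)
```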