I'm trying to call a REST API which is protected by AzureAD authentication. From the Postman REST client it works like this:
https://example.com/getexample
Header: Authorization: Bearer . This works great if I get the token of the user interactively (for example device_code or MFA).
As I wanted to run the code non-interactively, I'm trying to authenticate to the REST endpoint with a service principal.
The REST server is built in Node.js with the azure-passport node.js package.
I have created a service principal (native app) and a secret for it. I was able to get an access_token from this package as well as with the curl command below:
curl -X POST -d 'grant_type=client_credentials&client_id=[client id]&client_secret=[client secret]&resource=[client id of the server]' https://login.microsoftonline.com/[tenant]/oauth2/token
But if I pass this generated token to the REST endpoint, I get a 401.
Please help with how to authenticate to a custom REST endpoint with a service principal and secret.
Below are the configuration details for the service principals (server and client):
Server SP (node.js app): Created a service principal and added the User.Read API permission. Admin granted the API permission. Created a custom scope (API.Access) under "Expose an API" and selected "Admin and User" can grant. In the node.js application I'm using only the user.read scope.
Client SP (Postman): Created a service principal and added the server SP (custom scope) under API permissions. Used the curl command to get an access token without passing any scope.
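A diagnostic for the 401 described in the question, added here as an example and not part of the original post: it decodes the token returned by the client_credentials request and compares the claims an API typically validates (aud, iss, exp, and roles versus scp). A token from the client-credentials grant is app-only, so it carries application roles in the roles claim and has no scp claim. The GUIDs, the EXPECTED object and the app role name are constructed placeholders.

```javascript
// Decode a JWT payload WITHOUT verifying the signature. Diagnosis only:
// the API must still validate the signature before trusting any claim.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare claims with what the API expects and return a list of findings.
// `expected` is a hypothetical shape: { audiences, tenantId, appRole }.
function diagnoseToken(token, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const c = decodeJwtPayload(token);
  const findings = [];
  if (!expected.audiences.includes(c.aud))
    findings.push(`aud "${c.aud}" is not an accepted audience`);
  if (typeof c.iss !== 'string' || !c.iss.includes(expected.tenantId))
    findings.push(`iss "${c.iss}" is not from the expected tenant`);
  if (typeof c.exp !== 'number' || c.exp <= nowSec)
    findings.push('exp is missing or in the past');
  const hasRole = Array.isArray(c.roles) && c.roles.includes(expected.appRole);
  if (c.scp === undefined && !hasRole)
    findings.push(`app-only token: no scp, and roles lacks "${expected.appRole}"`);
  return findings;
}

// Build an unsigned, constructed sample token (not a real Azure AD token).
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.sig`;
}

// Constructed placeholder values.
const EXPECTED = {
  audiences: ['11111111-1111-1111-1111-111111111111'], // server app's client id
  tenantId: '22222222-2222-2222-2222-222222222222',
  appRole: 'API.Access.App', // hypothetical application role
};
const SAMPLE = makeSampleToken({
  aud: '11111111-1111-1111-1111-111111111111',
  iss: 'https://sts.windows.net/22222222-2222-2222-2222-222222222222/',
  exp: 4102444800, // 2100-01-01
});

console.log(diagnoseToken(SAMPLE, EXPECTED));
```

To use it on a real token, pass the access_token value from the curl response instead of SAMPLE and set EXPECTED to the audience, tenant and role the server is configured to accept.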