1
votes

I'm having some trouble trying to call an Azure Function (code) with Postman.

I have already set up the Authentication / Authorization and settings.

It's working with my browser (with login page).

But when I try to use Postman, I'm getting a 401:

"You do not have permission to view this directory or page."

I also tried to use the Postman built-in OAuth2 (see configuration) to log in. I can successfully get the tokens (access and refresh). But it seems that my API requests to functions are not working...

Here is the final API call: [Postman screenshot]

The aad tenant_id starts with 8d6, the application client_id starts with 226, and the app secret ends with Av2.

Is there anything wrong? It actually looks like Azure Functions handles only cookies for authentication, which is why it's working with the browser and not Postman. How can I make it work with the Authorization / Bearer header?

Thanks for your help!

1
Please refer to stackoverflow.com/questions/53499971/… – user10182254

Already tried ... Still not working – monsty

Did you try using the x-zumo-auth header? – Turbo

Look at the value of the access token through jwt.js and see whether the audience claim value equals the id of your function app as registered in AAD. I suspect that when you accessed the API through the browser, EasyAuth executed OIDC authentication to your Function and this returned an id_token with the id of the function as aud. However, in your Postman you are not specifying a resource or scope, so the token you get is for Graph API. – Marc

1 Answer

2
votes

The way you got the access token is not correct. Just like @Marc said, in your Postman you are not specifying a resource or scope. The Postman "Get New Access Token" tool only has the scope parameter, so you should use the v2.0 endpoint to get the access token.

Auth URL:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize

Access Token URL:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

Scope:

{clientId}/.default

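The audience check suggested in the comments and fixed by the `{clientId}/.default` scope above, as an added example that is not part of the original question or answer: it reads the `aud` claim of a token and reports whether it targets the function app or Microsoft Graph. The client id, the `api://{clientId}` App ID URI form and the sample tokens are constructed assumptions, and the signature is not verified here.

```python
import base64
import json

# Well-known Microsoft Graph audiences (application id and resource URI).
GRAPH_AUDIENCES = {"00000003-0000-0000-c000-000000000000",
                   "https://graph.microsoft.com"}


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_audience(token: str, client_id: str) -> str:
    """Classify the token's aud claim against the function app's registration."""
    aud = decode_claims(token).get("aud")
    auds = set(aud) if isinstance(aud, list) else {aud}
    # Assumption: the app accepts its client id or the default App ID URI form.
    accepted = {client_id, f"api://{client_id}"}
    if auds & accepted:
        return "ok"
    if auds & GRAPH_AUDIENCES:
        return "graph"  # issued for Microsoft Graph, so the function returns 401
    return "mismatch"


def _fake_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


CLIENT_ID = "11111111-2222-3333-4444-555555555555"  # placeholder, not from the post

if __name__ == "__main__":
    no_scope = _fake_token({"aud": "00000003-0000-0000-c000-000000000000"})
    scoped = _fake_token({"aud": CLIENT_ID})
    print("token requested without scope:", check_audience(no_scope, CLIENT_ID))
    print("token requested with {clientId}/.default:", check_audience(scoped, CLIENT_ID))
```
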