0
votes

I'm building a REST API which should be protected by Azure AD. So I have the following OAuth2 items:

  • Resource Server: My REST API server
  • Authorization Server: Azure Active Directory
  • Client: Postman
  • Resource Owner: me

I've been trying to configure AD using this blog post, but then it goes straight to configuring a frontend application. In the blog post, the author configured a front end application, but during development the front end is not yet ready, so I will be using Postman.

And when I tried using Postman with the Get New Access Token functionality (grant type is Authorization Code with PKCE), it is failing with the error "Error: AADSTS9002327: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests".

Any thoughts on how I can properly test this? What am I doing wrong?

1
It's quite hard to say because we don't see any of your configuration. - Vladimir Serykh

1 Answer

0
votes

Please refer to this cogent article on testing an Azure AD protected Spring Boot API: Securing a RESTful API using Spring Boot and Microsoft’s Azure Active Directory.

Here are some screenshots for quick reference on setting up Postman:

[Four screenshots of the Postman setup; images not preserved]