Wednesday, August 24, 2016

Postman : Using Postman to get "Userinfo" on Azure AD

I got this idea from v2.0 Protocols - OAuth 2.0 Authorization Code Flow that has "Run in Postman" buttons that load Postman collections.

So I made my own which you can find in this gist.

This uses OpenID Connect / OAuth 2.0.

It has three steps.

The first you have to customise for your clientID etc. and then run in a browser.

Then copy / paste the code from the reply into the second, customise for your clientID etc. and click "Run".

This returns an access token, an ID token and a refresh token.

(You can see what's in them by copy / paste the access / ID token into jwt.io).

The code inside the collection automatically sets up the token for the third step so all you have to do is press "Run".

You will see the full "Userinfo".

There are full instructions in the collection.

Enjoy!

2 comments:

Anonymous said...

Hi - Thanks for this.

All three steps are passing, except the last bit (userinfo request) with the error: JWT tokens cannot be used with the UserInfo endpoint.

Any ideas?

nzpcmad said...

I didn't get this error but this may help:

https://stackoverflow.com/questions/28631635/cannot-access-openid-userinfo-endpoint-on-azure-aadsts90010-jwt-tokens-cannot