
Using Postman with msAuthHelper

Marius Kehl edited this page Mar 28, 2023 · 5 revisions

Disclaimer

Decent base knowledge is a prerequisite for this tutorial.

Setup

We need these two Postman collections:

Fork them both.

Get access_token

  • Open the following request: Azure AD v2.0 Protocols > OAuth 2.0 Authorization Code Flow > Token Request - Auth Code.
  • Replace common with your tenant ID.
  • Switch to the Body tab.
  • Leave the grant_type as is and make sure the client secret field is disabled/deleted.
  • Replace the code value with the code you copied from the msAuthHelper.
  • Replace all the other fields' values with the ones that you used for the msAuthHelper.
  • Send the request.

If everything went well, the response contains your access_token. Copy it.

Use your access_token

You have two different options to set your access_token in the Microsoft Graph collection:

1:

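You can set this as your Pre-request Script and replace <your access_token> with your access_token:

// Paste the access_token from the token response here.
const access_token = "<your access_token>";

// The HTTP header name is spelled "Authorization"; any other spelling is ignored by the API.
pm.request.addHeader({
    key: "Authorization",
    value: "Bearer " + access_token
});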

2:

Or you set the Authorization type to Bearer Token and paste your access_token into the Token text box.

Play around and have fun :)

Now you can just play around with the Graph API.

A few things to note:

  • With the current setup you can only use requests that are in the Delegated folder.
  • Requests that need a higher or different permission than your scope grants WILL throw an error.
  • When changing the scope of your access_token, you must complete the authorization code flow again from the very beginning (that is, you have to create another code with the msAuthHelper).

The required permissions for each request can be found in the corresponding article of the documentation.

The docs are also a good resource to learn more about the API.
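
To see why a request fails with a permission error, you can decode the access_token and compare its scopes with the permissions the documentation lists for that request. The following is an added example, not part of msAuthHelper or the original wiki page; it runs in Node.js, only decodes the token (no signature validation), and the function names and the sample token are assumptions constructed for illustration.

```javascript
// Added example: inspect (do not validate) an access_token before calling Graph.
// Decoding only; the signature is never checked, so use this for debugging.
function b64url(obj) { // helper used only to build the constructed sample token
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function inspectToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) throw new Error("expected three dot-separated JWT segments");
  const payload = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const claims = JSON.parse(Buffer.from(payload, "base64").toString("utf8"));
  const delegated = typeof claims.scp === "string";
  return {
    tenant: claims.tid,
    audience: claims.aud,
    delegated, // delegated tokens carry `scp`; app-only tokens carry `roles`
    scopes: delegated ? claims.scp.split(" ").filter(Boolean) : [],
    expired: !(typeof claims.exp === "number" && claims.exp > nowSeconds),
  };
}

// `acceptable` = the permissions the docs article lists for a request; any one is enough.
function canCall(info, acceptable) {
  if (!info.delegated || info.expired) return false;
  const have = new Set(info.scopes);
  return acceptable.some((p) => have.has(p));
}

// Constructed, unsigned sample token; every claim value is a placeholder.
const SAMPLE_TOKEN = [
  b64url({ alg: "none", typ: "JWT" }),
  b64url({ tid: "00000000-0000-0000-0000-000000000000", aud: "https://graph.microsoft.com",
           scp: "User.Read Mail.Read", exp: 2000000000 }),
  "constructed-signature",
].join(".");

const info = inspectToken(SAMPLE_TOKEN, 1900000000);
console.log(info.scopes, canCall(info, ["Mail.ReadWrite", "Mail.Read"]), canCall(info, ["Files.Read"]));
```

If a scope is missing, request a new code with the msAuthHelper using the wider scope and repeat the token request.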