Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save nzpcmad/687d3f7e2f0d9f1592b55fac66cd82ec to your computer and use it in GitHub Desktop.
Save nzpcmad/687d3f7e2f0d9f1592b55fac66cd82ec to your computer and use it in GitHub Desktop.
Postman collection to get userinfo via Azure AD and OpenID Connect / OAuth 2.0
{
"variables": [],
"info": {
"name": "Azure AD Public",
"_postman_id": "d557d80b-e1a8-2922-ed57-bf7768032434",
"description": "Auth code flow.",
"schema": "https://schema.getpostman.com/json/collection/v2.0.0/collection.json"
},
"item": [
{
"name": "Authorize Request",
"request": {
"url": "https://login.microsoftonline.com/[tenant id]/oauth2/authorize?client_id=[client ID]&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&scope=openid",
"method": "GET",
"header": [],
"body": {},
"description": "A sign in request to begin the OAuth 2.0 code flow. Be sure to copy & paste into a browser! Running this request in Postman will just return you the HTML of our login pages. You need to fill in your own tenant ID and clientID. You can get the tenant ID from the endpoints for your app. in Azure AD. Running this will ask you for your Azure AD credentials. Note that this will return a 'HTTP Error 404.0 - Not Found' because there is no 'localhost/myapp'. Just ignore and copy the code - the section after '?code=' and before '&session_state=' "
},
"response": []
},
{
"name": "Token Request - Auth Code",
"event": [
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": "tests['Status Code is 200'] = (responseCode.code === 200);\n\nif (responseCode.code === 200) {\n \n try {\n var tokens = JSON.parse(responseBody),\n access_token = tokens.access_token;\n }\n\n catch(e) {\n console.log(e);\n }\n \n postman.setGlobalVariable(\"access_token\", access_token);\n}"
}
}
],
"request": {
"url": "https://login.microsoftonline.com/[tenant id]/oauth2/token",
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/x-www-url-form-urlencoded",
"description": ""
}
],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "client_id",
"value": "[client ID]",
"type": "text",
"enabled": true
},
{
"key": "scope",
"value": "openid",
"type": "text",
"enabled": true
},
{
"key": "redirect_uri",
"value": "http://localhost/myapp/",
"type": "text",
"enabled": true
},
{
"key": "grant_type",
"value": "authorization_code",
"type": "text",
"enabled": true
},
{
"key": "client_secret",
"value": "[client secret]",
"type": "text",
"enabled": true
},
{
"key": "code",
"value": "[code]",
"type": "text",
"enabled": true
}
]
},
"description": "The POST request to exchange an auth code for an access token. Be sure to replace the code with your own, that you received after signing in! Again you need to fill in your own client_id and client_secret. Then click 'Send'. This will return an access token, an ID token and a refresh token. You can see what's in the access / ID token by copy / paste into 'jwt.io' in a browser. "
},
"response": []
},
{
"name": "Userinfo Request",
"event": [
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": "tests['Status Code is 200'] = (responseCode.code === 200);\n"
}
}
],
"request": {
"url": "https://login.windows.net/common/openid/userinfo",
"method": "GET",
"header": [
{
"key": "Authorization",
"value": "Bearer {{access_token}}",
"description": ""
}
],
"body": {
"mode": "formdata",
"formdata": []
},
"description": "An example use of the access_token. Normally you would replace the access token with the one you got from the token request! This is done autimatically. Just click 'Send'. You should get attributes like 'oid' / 'sub' / 'tid' back."
},
"response": []
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment