I came across a use case to test ASP NET Core Web API secured with JWT (JSON Web Token) authentication using Postman. In order to test the api, we need to first retrieve the authentication token from token authority (in my case it was Azure AD) and then use the retrieved token while initiating actual web api requests.
Pre-requisites:
Azure AD Tenant Id — you can get it from Tenant properties
Azure AD App Registration — will be used to establish trust relationship between user and Azure AD. Note down the Client Id and Client Secret for app registration.
Steps to retrieve authentication token from Azure AD in Postman:
- Open postman with new GET request tab
- In the URL, use the below format with your tenant
https://login.microsoftonline.com/<tenantid>/oauth2/v2.0/token
3. Under Headers section, add Content-Type header with value as “application/x-www-form-urlencoded”
4. In the Body section, add following keys with appropriate values
5. Click Send to initiate request. In response, you will get the access_token from Azure AD.