I am trying to use Postman for a Microsoft Graph Rest API OAuth2
I have tried everything mentioned on Stackoverflow and other resources but I cant seem to figure out what I am doing wrong.
Asked
Active
Viewed 1,838 times
1 Answers
2
Change Client Authentication to Send client credentials in body. Also, you should remove the https://graph.microsoft.com/ bit from your first scope.
Jason Johnston
- 17,194
- 2
- 20
- 34
-
Thank you so much! Please when you have time can you explain the difference between the two? – satoshi Apr 13 '18 at 00:25
-
OAuth supports sending the parameters within the body or as query parameters. AAD however only supports body parameters. – Marc LaFleur Apr 13 '18 at 19:05
-
@g_altobelli When you select `Send client credentials in body` Postman will send `client_secret` and `client_id` in the request body and when you select `Send client credentials in header` then Postman will first compute Base64('${client_id}:${client_secret}') and then send this in an header as `Authorization: Basic ${encodedValue}`. For more info refer [rfc-6749(section-2.3.1)](https://tools.ietf.org/html/rfc6749#section-2.3.1) – Harry Apr 14 '18 at 08:06