I want to be able to get an access token while I act as a user (meaning I only have a username and password). In all the relevant topics I only see that they try getting the token as the administrator of the application (for example, in order to know the clientId), but can I do the same while acting as a user of the application?

Yahav Festinger
  • Could you give more details on what you are trying to achieve? When you request a user token, you still need to specify the application you're requesting the token for. – Thomas Apr 25 '22 at 10:16
  • Is there a way to specify the application as a user (maybe by the URL)? – Yahav Festinger Apr 25 '22 at 10:56
  • Yes, you can specify the `client_id` parameter. See the link for the ROPC flow: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc#authorization-request. – Thomas Apr 25 '22 at 11:11
  • But what if I don't have the `client_id` parameter? Because I only use the application and don't have any access to it – Yahav Festinger Apr 25 '22 at 12:26
  • A token is valid for an application=scope so you need the client_id / resource_uri. AAD needs to know which application you're trying to get a token for. – Thomas Apr 25 '22 at 12:46
  • And as I understand, I can find out the `client_id` only if I am the one who registered the application on Azure, right? – Yahav Festinger Apr 25 '22 at 13:01
  • You should ask the person who registered the app to give you the client_id – Thomas Apr 25 '22 at 19:47

1 Answer

As suggested by @Thomas, you can make use of the ROPC flow.

In order to get an access token as a user, you still need to know the values of client_id and tenant_id along with your UPN and password.

Client_Id - Your Application ID

Tenant_Id - Your Directory ID

You can get these values from the person who registered the application by going to Azure Portal -> Azure Active Directory -> Your Application -> Overview

After getting those values, make use of Postman to generate the access token.

For that, send an HTTP POST request like the one below, which needs the tenant_id and the parameters listed below:

`https://login.microsoftonline.com/your_tenant_id/oauth2/v2.0/token`

  • In Postman, go to the Authorization tab and select the type OAuth 2.0

  • Visit the Headers tab and include a Content-Type key with the value application/x-www-form-urlencoded

  • In the Body tab, include parameters like client_id, grant_type, username, password and scope

  • Make sure to grant admin consent to the required API permissions defined in scope before sending the request.

  • Now, send the request and you can get the access token successfully

For more detail, please refer to the links below:

Sign in with resource owner password credentials grant - Microsoft identity platform | Microsoft Docs

Azure registered app error: The user or administrator has not consented to use the application with ID - Stack Overflow

Sridevi
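
The token request described in the answer above, as an added example that is not part of the original post: it builds the ROPC POST without sending it and interprets a token-endpoint response, including the consent error (AADSTS65001) that the linked question is about and the MFA-required error (AADSTS50076), which ROPC cannot satisfy. The tenant, client, user and scope values, the hint wording and both sample responses are constructed placeholders.

```python
import base64, json
from urllib.parse import urlencode
from urllib.request import Request

def build_ropc_request(tenant_id, client_id, username, password, scope):
    """Build (but do not send) the token request from the steps above."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"client_id": client_id, "grant_type": "password",
            "username": username, "password": password, "scope": scope}
    return Request(url, data=urlencode(form).encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

def jwt_claims(token):
    """Decode the JWT payload for inspection only; no signature check here."""
    part = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

# Codes Azure AD returns in "error_codes"; the hints are this example's wording.
HINTS = {65001: "consent has not been granted for the requested scope",
         50076: "MFA is required, which ROPC cannot satisfy"}

def interpret(raw):
    """Summarise a token-endpoint JSON response (success or error)."""
    data = json.loads(raw)
    if "access_token" in data:
        claims = jwt_claims(data["access_token"])
        return {"ok": True, "aud": claims.get("aud"), "scp": claims.get("scp")}
    codes = data.get("error_codes", [])
    hint = next((HINTS[c] for c in codes if c in HINTS), "see error_description")
    return {"ok": False, "error": data.get("error"), "hint": hint}

def _seg(obj):  # base64url-encode one JWT segment for the constructed sample
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample responses (placeholder values, not real tokens).
SAMPLE_OK = json.dumps({"token_type": "Bearer", "expires_in": 3599,
    "access_token": ".".join([_seg({"alg": "none"}),
        _seg({"aud": "https://graph.microsoft.com", "scp": "User.Read"}), "sig"])})
SAMPLE_ERR = json.dumps({"error": "invalid_grant", "error_codes": [65001],
    "error_description": "AADSTS65001: The user or administrator has not consented ..."})

if __name__ == "__main__":
    req = build_ropc_request("your_tenant_id", "your_client_id",
                             "user@example.com", "placeholder-password",
                             "https://graph.microsoft.com/User.Read")
    print(req.get_method(), req.full_url)  # the body holds the password: not printed
    print(interpret(SAMPLE_OK))
    print(interpret(SAMPLE_ERR))
```

The `aud` claim of the decoded token shows which application the token was issued for, which is why the request cannot be made without a `client_id` and scope.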