Neo

Reputation: 16219

How to generate oauth token for webapi without using client id and client secret

I have deployed a web API to Azure. After that, I registered my API in Azure AD.

I got my API's client-id and client-secret. Now I just want to test my API, not have a third-party application access it, so what will the resource id be in this case?

I have used OAuth for authentication in that web API.

I want to test that web API, so in Postman I used this URL to generate an OAuth token, which I will pass as the header Authentication bearer token.

step 1 - https://login.microsoftonline.com/{{OAuth_Tenant}}/oauth2/token

in header -

grant_type:client_credentials
client_id:{{client_id}}           // I have my API client-id
client_secret:{{client_secret}}   // I have my API client-secret
resource:{{resource}}             // I have my API client-id

When I generate a token using the above values and send that bearer token, it fails with an unauthorized error.

Upvotes: 0

Views: 1739

Answers (1)

juunas

Reputation: 58723

You need to register an app in Azure Active Directory to acquire access tokens.

Register an app there, and you can find the client id/application id there. Then you can create a key for the app; that's your client secret. Finally, the resource should be the client id or app ID URI for your API's app registration in Azure AD.

To implement this according to best practices, you'll also want to look into defining app permissions for your API, so you can then assign privileges to apps to call your API.

Upvotes: 1
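An added example, not code from the question or the answer: it builds the client-credentials request for the token endpoint shown in the question as a form-encoded POST body, then decodes a returned token's claims to check the two things the answer names, the audience (`aud`, set from `resource`) and app permissions (the `roles` claim). The tenant, GUID, app ID URI, role name and the helper names are constructed assumptions, and the sample token is unsigned.

```python
import base64
import json
from urllib.parse import urlencode

# Endpoint from the question; {tenant} is filled in by the caller.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"

def build_token_request(tenant, client_id, client_secret, resource):
    """Return (url, headers, body); the parameters go in a form-encoded body."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # the calling app's registration
        "client_secret": client_secret,  # key created on that registration
        "resource": resource,            # the API's client id or app ID URI
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL.format(tenant=tenant), headers, body

def decode_claims(jwt):
    """Decode the JWT payload for diagnosis only; the signature is NOT checked."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(jwt, accepted_audiences, required_role=None):
    """List reasons the API would answer 401/403 for this token."""
    claims = decode_claims(jwt)
    problems = []
    if claims.get("aud") not in accepted_audiences:
        problems.append("aud %r is not an audience the API accepts" % claims.get("aud"))
    if required_role and required_role not in claims.get("roles", []):
        problems.append("app permission %r not granted to the caller" % required_role)
    return problems

def make_sample_jwt(claims):
    """Constructed, unsigned token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."

if __name__ == "__main__":
    api_id = "11111111-1111-1111-1111-111111111111"  # constructed GUID
    url, headers, body = build_token_request(
        "contoso.onmicrosoft.com", "caller-app-id", "caller-secret", api_id)
    print("POST", url, headers, body.replace("caller-secret", "***"))
    token = make_sample_jwt({"aud": "api://constructed-api", "roles": []})
    print(diagnose(token, {api_id}, required_role="Api.Access"))
```

The API must still validate the token's signature, issuer and expiry itself; `decode_claims` is only for reading what a token contains while troubleshooting.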
