Azure Functions returns "401 Unauthorized" only with Postman

Question

I have some troubles trying to call an Azure Function (code) with Postman.

I have already set up the Authentication / Authorization and settings.

It's working with my browser (with login page).

But when I try to use Postman, I'm getting 401 :

"You do not have permission to view this directory or page."

I also tried to use the Postman built-in (see configuration) Oauth2 to login. I can successfully get the tokens (access and refresh). But it seems that my API request to functions are not working...

Here is the final API Call: postman screenshot

The aad tenant_id starts with 8d6, the application client_id starts with 226, and the app secret ends with Av2.

Is there anything wrong ... ? It looks like actually, Azure Functions handle only Cookies for the authentication, that's why it's working with the browser and not Postman. How can I make it works with the header Authorization / Bearer ?

Thanks for your help !

Answer 1

The way you got the access token is not correct. Just like @Marc said, in your Postman you are not specifying a resource or scope. The postman get new access token tool only has the scope parameter, so you should use the v2.0 endpoint to get the access token.

Auth URL:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize

Access Token URL:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

Scope:

{clientId}/.default