Roesmi

Reputation: 508

Get Access Token from Azure Active Directory using username and password

I am trying to create a PoC with Azure Active Directory because I am planning to use it later in a production application.

In the Microsoft docs, the only way I found to log in is being redirected to the Microsoft page to provide username and password.

Is there some API I can use to get the access token by providing username and password, which I could test, for instance, using Postman?

Upvotes: 1

Views: 9054

Answers (2)

Sruthi J

Reputation: 1602

As you are looking to get an access token by sending the username and password, you can use Postman or a curl request:

POST {tenant}/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=user.read%20openid%20profile%20offline_access
&username=<username>
&password=SuperS3cret
&grant_type=password


curl -X POST -d "client_id=clientid&scope=user.read&grant_type=password&username=username&password=Password" https://login.microsoftonline.com/tenantid/oauth2/v2.0/token 

Note: Microsoft recommends you do not use the ROPC flow. In most scenarios, more secure alternatives are available and recommended. This flow requires a very high degree of trust in the application, and carries risks which are not present in other flows. You should only use this flow when other more secure flows can't be used.

Upvotes: 1

unknown

Reputation: 7473

You could use the Resource Owner Password Credentials (ROPC) flow to get an access token. See the Important note first to make sure you can use it in your application.

  • The Microsoft identity platform endpoint only supports ROPC for Azure AD tenants, not personal accounts. This means that you must use a tenant-specific endpoint (https://login.microsoftonline.com/{TenantId_or_Name}) or the organizations endpoint.
  • Personal accounts that are invited to an Azure AD tenant can't use ROPC.
  • Accounts that don't have passwords can't sign in through ROPC. For this scenario, we recommend that you use a different flow for your app instead.
  • If users need to use multi-factor authentication (MFA) to log in to the application, they will be blocked instead.
  • ROPC is not supported in hybrid identity federation scenarios (for example, Azure AD and ADFS used to authenticate on-premises accounts). If users are full-page redirected to an on-premises identity provider, Azure AD is not able to test the username and password against that identity provider. Pass-through authentication is supported with ROPC, however.

Try executing this request to obtain access token.

POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

client_id=<your-app-id>
&scope=<scopes-in-api-permissions>
&username=<username>
&password=<password>
&grant_type=password

Upvotes: 2
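Added example, not code from either answer: it assembles the grant_type=password request both answers show, sends it to the tenant token endpoint, and handles the JSON reply, including the error reply the endpoint returns when the flow is blocked (for instance for an MFA-required account). Function names, the injectable `send` hook, and the sample replies are constructed for this example.

```python
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def build_ropc_request(tenant, client_id, scope, username, password):
    """Return (url, body_bytes) for the ROPC form shown in the answers above."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "scope": scope,            # e.g. "user.read openid profile offline_access"
        "username": username,      # urlencode turns '@' into %40 for us
        "password": password,
        "grant_type": "password",
    }).encode()
    return TOKEN_URL.format(tenant=tenant), body

def parse_token_response(raw):
    """Return the useful token fields, or raise with the endpoint's error code."""
    data = json.loads(raw)
    if "error" in data:   # standard OAuth2 error body: error + error_description
        raise RuntimeError(f"{data['error']}: {data.get('error_description', '')}")
    return {"access_token": data["access_token"],
            "expires_in": int(data["expires_in"]),
            "scope": data.get("scope", "")}

def request_token(tenant, client_id, scope, username, password, send=None):
    """POST the form; `send` (constructed hook) lets the exchange run offline."""
    url, body = build_ropc_request(tenant, client_id, scope, username, password)
    req = urllib.request.Request(url, data=body, method="POST",
              headers={"Content-Type": "application/x-www-form-urlencoded"})
    if send is None:   # real call against login.microsoftonline.com
        with urllib.request.urlopen(req) as resp:
            return parse_token_response(resp.read())
    return parse_token_response(send(req))

# Constructed sample replies; not captured from a real tenant.
SAMPLE_OK = json.dumps({"token_type": "Bearer", "scope": "User.Read",
                        "expires_in": 3599, "access_token": "eyJ0eXAi.sample.sig"})
SAMPLE_BLOCKED = json.dumps({"error": "invalid_grant",
                             "error_description": "constructed: MFA required, ROPC blocked"})

if __name__ == "__main__":
    tok = request_token("contoso.onmicrosoft.com", "<client-id>", "user.read",
                        "user@contoso.com", "<password>", send=lambda r: SAMPLE_OK)
    print(tok["access_token"])
```

Drop the `send=` argument to perform the real POST; the `<client-id>` and `<password>` values are placeholders.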
