Reputation: 1686
Say I have clientId, tenantId, tokenType, redirectUri etc. in Azure. Can I use those parameters to get an access token directly?
I know there is a way which is to combine them together to create a long string.
const url = 'https://login.microsoft.com/' + tenantId + '/oauth2/v2.0/authorize?client_id=' + clientId + '&response_type=id_token&redirect_uri=' + encodeURIComponent(window.location.origin) + '&response_mode=fragment&scope=openid&state=11111&nonce=11111';
Then I open a new window
window.open(url, '_self');
Once the new window pops up, the URL is pretty long. It contains the token and id_token, all the information.
But I don't want to do it this way because exposing the token in the URI is a bad thing. I want to use clientId etc. to get the URL fragment in the code directly. I guess that MSAL hacks it internally, but I'm just not sure.
UPDATE:
I meant that I put the long string in a Postman POST request, and even set response_mode=form_post,
then clicked the Send button, but I just got a bunch of HTML. Is that the correct way to do that?
Upvotes: 1
Views: 1508
Reputation: 9569
Implicit flow is usually used in single-page applications. If you are not using a single-page application, using this flow will not make sense.
The auth code flow can only obtain the authorization code in the browser, and then use the authorization code to redeem the token in Postman. The auth code flow does not support obtaining tokens directly in the browser address bar, so in your question, you should use the interactive login auth code flow.
1. Request an authorization code in the browser.
https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize?
client_id={client app client id}
&response_type=code
&redirect_uri={redirect_uri}
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345
2. Redeem the token in Postman.
Upvotes: 0
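The two steps from the answer above, as an added Node.js example (not code from any poster on this page): it builds the authorize URL, checks the callback, and builds the token POST so tokens only ever appear in a response body. It goes beyond the answer by adding PKCE and a random `state` check; the app is assumed to be a public client with no secret, and the tenant, client id and redirect URI passed in are placeholders.

```javascript
// Added example: standard library only; nothing is sent over the network.
const nodeCrypto = require('node:crypto');
const b64url = (buf) => buf.toString('base64url');

// Fresh per-login secrets: state (binds the callback to this login) and PKCE verifier.
function newLoginSecrets() {
  return { state: b64url(nodeCrypto.randomBytes(16)), verifier: b64url(nodeCrypto.randomBytes(32)) };
}

// Step 1: the URL the browser is sent to. Only a short-lived code comes back.
function buildAuthorizeUrl({ tenantId, clientId, redirectUri, scope }, { state, verifier }) {
  const challenge = b64url(nodeCrypto.createHash('sha256').update(verifier).digest());
  const url = new URL(`https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId, response_type: 'code', redirect_uri: redirectUri,
    response_mode: 'query', scope, state,
    code_challenge: challenge, code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Callback handling: reject errors and any response whose state is not ours.
function readCallback(callbackUrl, expectedState) {
  const p = new URL(callbackUrl).searchParams;
  if (p.get('error')) throw new Error(`authorize failed: ${p.get('error')}`);
  const got = Buffer.from(p.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) throw new Error('state mismatch');
  if (!p.get('code')) throw new Error('no code in callback');
  return p.get('code');
}

// Step 2: the POST that redeems the code (what the answer does in Postman).
function buildTokenRequest({ tenantId, clientId, redirectUri, scope }, code, verifier) {
  return {
    method: 'POST',
    url: `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/token`,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      client_id: clientId, grant_type: 'authorization_code', code,
      redirect_uri: redirectUri, scope, code_verifier: verifier,
    }).toString(),
  };
}
```
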
Reputation: 1686
Got the answer by myself. https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow
Click Postman in the URL, replace some parameters. The token will be displayed in the redirect URI address bar. But it is not good since it is implicit flow.
Upvotes: 0
Reputation: 42
You can try using response_mode=form_post; access_token and id_token will be sent as POST parameters to the redirect URL. Since the tokens are part of the POST parameters, they are not part of the URL but of the request body. You can use the developer tools to see the HTTP trace of the request.
Upvotes: 1