How to connect to SharePoint in Postman using user id and password instead of client id and client secret?

Question

I want to connect to SharePoint by using username@company.com and password instead of client id and client secret. Do I need to get any authorization for my ID? If yes, how to get? I know the process for fetching authorization for client ID and client secret.

In this URL: https://{tenant}.sharepoint.com/sites/{sitename}/_layouts/15/user.aspx

I add my user id and password with permission levels as "Full control".

But in this URL: https://{tenant}.sharepoint.com/sites/{sitename}/_layouts/15/appprincipals.aspx

I am able to see only client id and client secret. Not my user id.

When I send POST request using Postman it is giving me "error": "unsupported_grant_type".

Postman Inputs:

POST https://accounts.accesscontrol.windows.net/{tenant_id}/tokens/OAuth/2


Headers
Content-Type : application/x-www-form-urlencoded

Body (x-www-form-urlencoded)
grant_type: password
username: username@company.com
password: password
resource:00000003-0000-0ff1-ce00-000000000000/{tenant}.sharepoint.com@{tenant_id}

Answer 1

SharePoint rest api does not support "Password Grant Flow". You can either use "Client Credentials Flow" or "Implicit Flow". 

If you want to allow users to use their username & password, Use implicit flow.

NOTE: User will always require to sign in to get access token. You can not simply pass username and password with post request.

Here is the complete guide for configuring azure ad app for implicit flow : https://frankchen2016.medium.com/how-to-access-the-spo-rest-api-using-implicit-authentication-flow-40d65750554f