This was a good video to watch after reading all those MSDN documents, Thanks.
I have been stuck for days trying to secure an API with Azure AD and the documentation out on the internet is HORRIBLE regarding this topic. This video was the single easiest, most straightforward explanation I have found. Thank you very much for recording this.
I was not able to do the API test, but after doing the step by step according to your video I managed. Thanks!
Thank you for providing an excellent and clear explanation! Your explanation was thorough, easy to understand, and it covered all the important points. It's evident that you have a deep understanding of the topic and are able to articulate it effectively. Your clarity and attention to detail make it much easier for others to grasp the concepts you're explaining. Well done!
Good video. Short and descriptive.
Just the exact steps I have been looking for. Thank you. My specific scenario is a server to server call which means that calling client server should not get the Microsoft credentials popup screen. It should just return with Unauthorized.
Good job! Very simple and easy to follow!
Very good information.
Good Job! I was following your tutorial step by step and it worked like a charm. Very simple and easy to follow, thank you!
Very good explanation
Very nice. Thank you!
Thank you for sharing!
Thanks Man. You saved my life..
Thank you, it's helpful
Thanks, very helpful
Good one.... to the point
What I'm looking for is exactly delivered by you. Thanks sir. By the way, can you also show how we handle token generation and redirection in the frontend so that it should behave like SSO without even asking for credentials once we login into the laptop, it should use those
Hi,
It is asking for Microsoft credentials and user consent on calling access token api.
Is there a way to avoid this as I would be calling the access token api from Java code.
Also, let's suppose the application calling this API is on-premise, then the client app should be created on the client's subscription, right?
Hello - do you have the solution to your question? I need to call my API via Java as well and I don't want any popups to happen and ask for Microsoft login window. Thanks.
Nice video!
Nice video! However, is there a particular reason to still use the implicit flow instead of authorization code?
Hi Nejc, Thanks for your comment.
Please check this page for the explanation. I created this video to show how to set up the Azure AD application and test it using Postman. It's not to advocate a particular approach.
What does it mean if you couldn’t connect to the backend api even with the access token from the postman?
How did you create solution? Please provide details, what is magic in solution?
This was a good video. Is there a way we can pass the username and password (in some sort of JSON file or any other way) so that the screen for authentication doesn't pop up? The reason I ask for this is I need to merge the API call in my code base please.
Hello - do you have the solution to your question? I need to call my API via Java as well and I don't want any popups to happen and ask for Microsoft login window. Thanks.
If I add multiple scopes in host app and give permissions to those scopes in client app and then if I request the token with specific scope still it returns all the scopes in token instead of specific scope which is requested while generating token. Please let me know what can be possible fix.
Hi Pinkesh,
In case of multiple scopes, if you ask for any scope and you approve it then it will always be returned even if you have not asked for it. Eventually once you have approved all the scopes, the token will contain all the scopes.
Let's suppose you have two scopes ScopeA and ScopeB. If in the first token you have only asked for ScopeA then the token would contain only ScopeA. In the next request if you ask for ScopeB then you will get both the scopes. So it works incrementally. I hope it will answer your query.
Thanks
thank you
good
Thank you my friend I was missing BEARER word in front of token, spent hours debugging
Happy that it helped.
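An added example, not from the video or from any commenter: two points raised above, the missing `Bearer` word and tokens that carry every consented scope, both matter on the API side, where the header scheme and the `scp` claim should be checked for each operation. The route names and the `REQUIRED_SCOPE` map are hypothetical, the sample tokens are constructed and unsigned, and signature, issuer, audience and expiry validation is assumed to have been done by a JWT library beforehand.

```python
import base64
import json

# Hypothetical route-to-scope map; ScopeA and ScopeB are the names used in the thread.
REQUIRED_SCOPE = {"GET /items": "ScopeA", "POST /items": "ScopeB"}


def bearer_token(authorization_header):
    """Return the token from 'Bearer <token>', or None if the scheme word is missing."""
    parts = (authorization_header or "").split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def claims_of(token):
    """Decode the JWT payload segment; None if it is not well-formed.
    Assumption: signature, issuer, audience and expiry were already validated."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        return json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError):
        return None


def authorize(route, authorization_header):
    """Return 401 without a usable bearer token, 403 without the route's scope."""
    token = bearer_token(authorization_header)
    claims = claims_of(token) if token else None
    if not isinstance(claims, dict):
        return 401
    granted = str(claims.get("scp", "")).split()  # scp is a space-separated string
    return 200 if REQUIRED_SCOPE.get(route) in granted else 403


def make_token(scp):
    """Build a constructed, unsigned sample token carrying only an scp claim."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"typ": "JWT"}), seg({"scp": scp}), "constructed"])


if __name__ == "__main__":
    both = make_token("ScopeA ScopeB")
    for header in (both, "Bearer " + both, "Bearer " + make_token("ScopeA")):
        print(authorize("POST /items", header))
```

Routes missing from the map are denied, so a new endpoint has to be given a scope before any token can reach it.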
I am stuck at a point where my client app is successfully integrated with Azure AD and I couldn’t do the same with the backend. Could you please help me with that?
Hi Bindu, Please let me know the error details.
Thanks.
Hi, I did all the steps as you did but I'm getting this error, I don't know if you can help
We're unable to complete your request
invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.
Hi Tech Dev Sleep, please check the *Redirect URIs* in Azure AD App registration for Gherkin.Catalogue.PostmanClient and Postman environment's *callbackUrl* variable value. It should be exactly the same. In the video, it is getpostman.com/oauth2/callbackurl. Copy and paste this URL in both places to make sure they are the same. It should resolve the issue. Please let me know if you still have a problem.