Tags: django, azure, django-rest-framework, postman, adfs

Issue with Django API Authentication Using Azure AD and Postman


I have set up a Django project using the django_auth_adfs library to use Azure Active Directory for the authentication phase. I have set up its API using rest_framework and now I am trying to send requests to it using Postman. My problem is that whether I send a request with or without an access token, the result is nothing but the raw HTML of the Microsoft login page. I used this link for generating my access token:

https://dev.to/425show/calling-an-azure-ad-secured-api-with-postman-22co

I tried different API permissions for my Azure app, such as Azure Active Directory Graph, Microsoft Graph, and one under my own project name which comes from the scope I configured in Expose an API. I also wonder whether the company should grant access to the API I configured in Expose an API?

This is the result I get and this is my Postman environment. During the token registration I am prompted to log in using my username, password, and the authentication code sent to my phone, and then the token is generated successfully. However, I am still getting the login page, although I am using the token in my headers. As for the Django AD configuration, it works fine: people can log in and log out using their Microsoft accounts, so the problem should not be there.


Solution

  • Steps to authenticate a Django API using Azure Active Directory (AD) and access it via Postman.

    Create an application in App registrations of Microsoft Entra ID. Choose Supported account types as Microsoft Entra ID tenant - Multitenant and personal Microsoft accounts for the API.


    Add a scope in Expose an API, selecting consent as Admins and users as shown in the image below.


    Use Instance, ClientId and TenantId in the Django API.

     "Instance": "https://login.microsoftonline.com/",
     "ClientId": "18", //Application (Client) ID from 'Catalogue.Api' app registration overview blade
     "TenantId": "932" // Tenant ID from '.Catalogue.Api' app registration overview blade
    

    https://www.postman.com/oauth2/callback


    Select Access tokens and ID tokens in Authentication and save.

    In the Postman application, add API permissions for the API app you created.


    Select Delegated permissions and the permissions of the API, and add the permission.


      Callback URL:  {{callbackUrl}}
      Auth URL:  https://login.microsoftonline.com/{{tenantid}}/oauth2/v2.0/authorize
      Token URL : https://login.microsoftonline.com/{{tenantid}}/oauth2/v2.0/token
      Client ID :  {{clientId}}
      Client Secret :  {{clientSecret}}
      Scope:  {{scope}}
    


    Replace the Django API URL and send the request.

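The answer above covers the Entra ID and Postman side but not the Django side. Getting the HTML of the Microsoft login page back, rather than a JSON 401, is what happens when the request is never handled as a bearer-token request: either the REST framework view is not configured to validate `Authorization: Bearer` tokens and falls through to session login, or django_auth_adfs's LoginRequiredMiddleware redirects the API URL to the login page. The settings below are an added example, not code from the question or the answer; the setting names follow the django-auth-adfs documentation, the placeholder IDs and the `^api/` URL prefix are assumptions.

```python
# Added example: Django settings wiring a DRF API to Entra ID (Azure AD) access
# tokens with django_auth_adfs. Placeholder values are assumptions; in practice
# read CLIENT_SECRET from the environment, never from source control.

CLIENT_ID = "<Application (client) ID of the API app registration>"
CLIENT_SECRET = "<client secret of the API app registration>"
TENANT_ID = "<Directory (tenant) ID>"

AUTHENTICATION_BACKENDS = (
    # Browser logins through the authorization-code flow (the login/logout that already works).
    "django_auth_adfs.backend.AdfsAuthCodeBackend",
    # Bearer access tokens sent by API clients such as Postman.
    "django_auth_adfs.backend.AdfsAccessTokenBackend",
)

AUTH_ADFS = {
    # Must match the aud claim of the token Postman obtains: the API's client ID,
    # or its Application ID URI (api://...) depending on how the scope was exposed.
    "AUDIENCE": CLIENT_ID,
    "CLIENT_ID": CLIENT_ID,
    "CLIENT_SECRET": CLIENT_SECRET,
    "TENANT_ID": TENANT_ID,
    "RELYING_PARTY_ID": CLIENT_ID,
    "USERNAME_CLAIM": "upn",
    "CLAIM_MAPPING": {
        "first_name": "given_name",
        "last_name": "family_name",
        "email": "upn",
    },
    # Only relevant if LoginRequiredMiddleware is enabled: without this, every
    # unauthenticated request to the API is redirected to the login page, which is
    # exactly the "raw HTML of the Microsoft login page" symptom. Assumed prefix.
    "LOGIN_EXEMPT_URLS": [r"^api/"],
}

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": (
        # Validate the Authorization: Bearer <token> header first ...
        "django_auth_adfs.rest_framework.AdfsAccessTokenAuthentication",
        # ... and fall back to the session cookie for the browsable API.
        "rest_framework.authentication.SessionAuthentication",
    ),
    # With IsAuthenticated, a missing or rejected token yields a 401/403 JSON
    # response from DRF instead of a redirect.
    "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
}
```

With this in place a request without a token should return a DRF 401 JSON body, not a login page; a request with a token for the wrong audience or scope is rejected by AdfsAccessTokenAuthentication rather than silently falling through to session authentication.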
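The question mentions trying Microsoft Graph permissions as well as the API's own scope. A token requested for Microsoft Graph is perfectly valid, but its `aud` claim names Graph, not the Django API, so the API must reject it. Before changing anything on the server it is worth decoding the token Postman obtained and reading its `aud`, `scp`, `tid`, `iss` and `exp` claims. The checker below is an added example, not code from the post: it inspects a token offline without verifying the signature (so it is a diagnostic, never an authorisation check), and the tenant ID, Application ID URI, scope name and sample tokens are constructed placeholders. It assumes v2.0 tokens, matching the v2.0 authorize and token URLs used in the Postman configuration above.

```python
import base64
import json
import time

# Constructed placeholders (not real Entra identifiers): the tenant, the API app
# registration's Application ID URI as configured under Expose an API, and its scope.
TENANT_ID = "00000000-0000-0000-0000-00000000aaaa"
API_AUDIENCE = "api://00000000-0000-0000-0000-00000000bbbb"
API_SCOPE = "access_as_user"
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # well-known Microsoft Graph application ID
V2_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"  # issuer of v2.0 endpoint tokens


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_jwt(claims: dict) -> str:
    """Build a constructed, unsigned JWT so the checker can be exercised offline.
    Real Entra tokens are RS256-signed; the signature segment here is a dummy."""
    header = {"typ": "JWT", "alg": "none"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        "signature-omitted",
    ])


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.
    For local inspection only; the API must still validate signature and issuer."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_token_for_api(token, api_audience=API_AUDIENCE, required_scope=API_SCOPE,
                        tenant_id=TENANT_ID, now=None):
    """Return the reasons an API expecting `api_audience` would reject this token.
    An empty list means audience, delegated scope, issuer, tenant and expiry all
    look right for this API (the signature is deliberately not checked here)."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    if aud != api_audience:
        problems.append(f"aud={aud!r}: token was issued for another resource, not {api_audience!r}")
    scopes = claims.get("scp", "").split()
    if required_scope not in scopes:
        problems.append(f"scp={scopes}: delegated scope {required_scope!r} is missing")
    expected_issuer = f"https://login.microsoftonline.com/{tenant_id}/v2.0"
    if claims.get("iss") != expected_issuer:
        problems.append(f"iss={claims.get('iss')!r}: expected {expected_issuer!r}")
    if claims.get("tid") != tenant_id:
        problems.append(f"tid={claims.get('tid')!r}: token is from another tenant")
    if claims.get("exp", 0) <= now:
        problems.append("exp: token has expired; request a fresh one in Postman")
    return problems


# Constructed sample tokens: one requested with the API's own scope, and one
# requested with a Microsoft Graph permission, which Graph accepts but the API must not.
FAR_FUTURE = 4102444800  # 2100-01-01T00:00:00Z
GOOD_TOKEN = make_unsigned_jwt({
    "aud": API_AUDIENCE, "iss": V2_ISSUER, "tid": TENANT_ID,
    "scp": API_SCOPE, "exp": FAR_FUTURE, "upn": "user@example.com",
})
GRAPH_TOKEN = make_unsigned_jwt({
    "aud": GRAPH_APP_ID, "iss": V2_ISSUER, "tid": TENANT_ID,
    "scp": "User.Read", "exp": FAR_FUTURE, "upn": "user@example.com",
})

if __name__ == "__main__":
    for name, tok in (("API token", GOOD_TOKEN), ("Graph token", GRAPH_TOKEN)):
        print(name, check_token_for_api(tok) or "OK")
```

To use it on a real token, paste the value from Postman's Authorization header into `check_token_for_api`, passing the tenant ID and the `aud` value the Django API is configured to accept. If it reports an `aud` or `scp` mismatch, the fix is on the Postman side (the `scope` variable must be the exposed API scope, e.g. `api://<client-id>/<scope-name>`, not a Graph permission); if it reports nothing, the token is fine and the server configuration is where to look.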