In this post, we will get the Azure ID token using Postman with the help of the openid scope.
The ID token is the core extension that OpenID Connect makes to OAuth 2.0. ID tokens are issued by the authorization server and contain claims that carry information about the user.
For more information on the ID token, refer to the Microsoft Documentation.
Prerequisites
- Download Postman
- Service Principal in Azure – To know how to create a service principal, go through my post on Creating Service Principal using PowerShell.
- The user requesting the id_token must not have multi-factor authentication (MFA) enabled, because the password grant used below cannot complete an MFA prompt.
Set the Permission and Grant Admin Consent
Ask your Azure AD admin to grant admin consent for the permissions we are going to set on the created Service Principal.
Go to App Registrations in Azure Active Directory and click on the created Service Principal. Once opened, click on API Permissions under Manage.

Click on Add a permission.

Select Microsoft Graph.

Click on Delegated permissions.

Find the following permissions and select them –
- offline_access
- openid
- profile
- User.Read [Present under User dropdown]

Click on Add permission and ask your Admin to Grant the Admin consent.

Once the Admin Consent is provided, you will see a green tick against each of the permissions.

Getting id_token
Launch Postman, create a new POST request. Enter the following URL.
https://login.microsoftonline.com/{{tenantId}}/oauth2/v2.0/token
Make sure to replace {{tenantId}} with yours. You would have got the details when you created the Service Principal. Otherwise, you can find them on the Overview page of your Service Principal in Azure AD.

Under Headers, provide the following details. KEY = Content-Type, VALUE = application/x-www-form-urlencoded.

Under Body, mention the following details in the format of KEY – VALUE pairs.
- client_id – {{clientId}}
- scope – user.read openid profile offline_access
- client_secret – {{clientSecret}}
- username – your_username@your_company.com
- password – the user’s password
- grant_type – password

I am using variables from a Postman environment, which is why you see {{clientId}} and {{clientSecret}}. If you don’t want to use variables, enter the values directly. To learn how to create an environment in Postman, refer to my post here.
Click on Send and see the response. Following is the response I got. It contains both access_token and id_token.
{
"token_type": "Bearer",
"scope": "openid profile User.Read email",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "<JWT omitted>",
"refresh_token": "<refresh token omitted>",
"id_token": "<JWT omitted>"
}
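The id_token in the response is a JWT whose payload carries the user claims mentioned at the start of this post. The Python below is an added example, not part of the original post: it decodes a token and checks iss, aud, tid, exp and nbf against your tenant and client IDs. It does not verify the signature (that needs the tenant's signing keys and a JWT library), and the tenant ID, client ID and sample token are constructed values.

```python
import base64
import json
import time

TENANT_ID = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # constructed placeholder

def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_id_token(id_token):
    """Return (header, claims) from a compact JWT WITHOUT verifying the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))

def check_claims(header, claims, tenant_id, client_id, now=None, skew=300):
    """Return a list of problems; an empty list means the claim checks passed."""
    now = time.time() if now is None else now
    problems = []
    if header.get("alg") != "RS256":  # never accept "none" or a symmetric alg here
        problems.append(f"unexpected alg {header.get('alg')!r}")
    if claims.get("iss") != f"https://login.microsoftonline.com/{tenant_id}/v2.0":
        problems.append("iss does not match the tenant's v2.0 issuer")
    if claims.get("aud") != client_id:
        problems.append("aud is not this application's client_id")
    if claims.get("tid") != tenant_id:
        problems.append("tid is not the expected tenant")
    if claims.get("exp", 0) + skew < now:  # a missing exp counts as expired
        problems.append("token has expired")
    if claims.get("nbf", 0) - skew > now:
        problems.append("token is not valid yet")
    return problems

def make_sample_token(claims, alg="RS256"):
    """Build a constructed, unsigned token for the demo (placeholder signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': alg, 'kid': 'constructed-kid'})}.{enc(claims)}.c2ln"

if __name__ == "__main__":
    now = int(time.time())
    claims = {"iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
              "aud": CLIENT_ID, "tid": TENANT_ID, "nbf": now - 60, "exp": now + 3599,
              "preferred_username": "your_username@your_company.com"}
    header, decoded = decode_id_token(make_sample_token(claims))
    print(decoded["preferred_username"], check_claims(header, decoded, TENANT_ID, CLIENT_ID))
```

To check a real response, pass its id_token value to decode_id_token together with your own tenant and client IDs.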
Thank you All!!! Hope you find this useful.
