AAD is simply a cloud-based authentication and identity system provided by Microsoft and enables you or other employees to sign in and access resources from different applications.
Incase you have been through the hustle that comes with getting AAD working for your system without much success then this article will make things right for you, just stick around and enjoy the party :)
To get started you need to have postman client installed and to have a Microsoft tenant.
First, head over to your tenant and register an app. Incase you are having trouble setting up an app then this 16 minute you-tube video below will come in handy. The only thing to add is a callback url and this can be anything of your choice but I would recommend using your localhost.
After registering the app make sure to copy Client-Id, Client secret, Callback url, Tenant Id and paste them in a sticky notepad or any notes app of your choice.
Now head over to your favorite browser and use the following link: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={your-client-id}&response_type=code&redirect_uri={your-callback-uri}&response_mode=query&scope=Sites.FullControl.All
Please remember to change your client id and redirect uri to match yours. I know you are wondering what the mumbo-jumbo this is. Well, this is just a link from which we will get a code for the following subsequent request. As you can see from the link we have a response type which is of type code which we require.
Copy paste the code to the notepad with details of our registered app.
The code needed for next steps.
The expected feedback from using the above link.
Once we have this link, open your postman or other client that can send request to a server and use this link: https://login.microsoftonline.com/{your-tenant-id}/oauth2/v2.0/authorize?client_id={your-client-id}&response_type=code&redirect_uri={your-callback-url}&response_mode=query&scope=Sites.FullControl.All
Please make sure to replace the tenant-id, client-id and callback url to point to yours. Then under authorization choose Oauth 2.0 as your type. Here you will be required to provide a few inputs. This inlude:
- Token: This is the code we acquired using your favorite browser remember?
- (See above)
- Grant Type: This simply is a method the application can gain access to Access token. There are a couple of them and since we want the application to gain access for a user we use “Authorization code”.
- Callback url: This is the url from the registered app.
- Auth url: This is an authorization endpoint provided by Microsoft. This is the link: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_mode=query
- Access token url: Also provided by Microsoft. The link is: https://login.microsoftonline.com/common/oauth2/v2.0/token
- Client_id: Paste the client id from your registered app.
- Client secret: This is also from your registered app.
- Scope: This provides set of permission for the resource you are trying to access. For my case it was set to .default because I wanted all privileges.
And with those set, initiate the Get New Access Token. You will be required to login to your account. After login, an access token will be provided for you in a pop-up. This access token you can use it to access other endpoints since you are now authenticated. And it’s that easy.
So go get it done and crack that code.