Friday, 11 February 2022

AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

 How to Get Access Token from Postman when you have an MFA enabled in the AD


First, Let's learn how to get an access token if MFA is not enabled.
To get the token you need to pass the below parameters.

  • grant_type (password - hard code)
  • client_id
  • client_secret
  • scope (user.read)
  • username (AD username)
  • password (AD password)


For TenantId, ClientId and Client_Secret. You can log in to the Azure portal and then the Azure active directory --> App Registrations --> Check your app registration or add new registration.

















Once you call this method, you will get the access token.

Note: If MFA is enabled then you will get the below error.
















To solve this issue, you need to follow the steps below.

Step 1: You need to open the URL in the browser mentioned below. Make sure to add your tenantId, clientId, and redirect URL. Redirect URL, you can set any value in the redirect URL in App Registration of Azure Portal and pass the same redirect URL here.

https://login.microsoftonline.com/{{tenantId}}/oauth2/v2.0/authorize?
client_id={{clientId}}
&response_type=code
&redirect_uri=https://localhost:44321/
&response_mode=query
&scope=https://graph.microsoft.com/User.Read
&state=12345






The snapshot below explains that you can get a set redirect URL in App Registration.












Step 2: Copy the URL and paste it into the notepad. You will see this URL has 3 parameters 
  • Code
  • State
  • Session_state

Copy only the code part.


https://localhost:44321/?code=0.AUUAV8CEcnhAcEGSwBvLEcVSaUBShxdFPBtDqBWzMDbIrtRFAH4.AQABAAIAAAD--DLA3VO7QrddgJg7WevrOJWL51jAIIL76f1jPOMwfGpCGDOkHmxnYhixC2A4SFRJE5cf_AOpaELqjrxJA-MbPvCIBDfWLZtjo2zVw2AQ2CfagTN2gMsErjuSsTzsFNwg7AGEMBZ1D_hpekpVjwS7OpliDUAL1iS4fiUq0iWWbDZNohQFFtQbgmKLh-EKCuyFRyqMSiZZPOW20S6J-6r6TCB-SPMEG7RrlsWaXMxLuSJpripTV9_4FlXJg0oZmvogiGmuVQ9U1ckhTsMZmFps4F-3PNxEZRXAvLFEbDQPP5KnB8zGKGB_px5B5m1NTDkKhck9-WW0yTVeJiuyTmbtofvu1exYQLJv8we6F11rUaEG6ogtW6qAZQbOElIrtNQ_aYQ5Gkd9KUnJNFOFGmtEsVXAhxVfFZ6uFLio6TzjcDm12u_CUNeewDCrR5QuOK1JrDeq2yjHx3lD-h0SMAFD6CG5K6vqpwgv7MqVPONJas09AvD3rQpoFgpGuSF997NJiCguYPkXpW6fYYH9-1aJE9Qob3GGzlcSCTO0OBseN95oprKTT4246scT-_VsOXMca36bgPOsNDPMRfxTy9nSZaZmugJDxlijfKEUXcYbFtUZjKD2Cz3OQC1rGJF03db7cOdYuRGCSTy-C28CnYikIAA&state=12345&session_state=9e429398-8f47-4210-a2b4-72866178d144#


Step 3: Call the endpoint again in the postman. This time parameters are different. We need to pass below 5 parameters. The code parameter is where we need to paste that code.

  • grant_type (authorization_code - hard code)
  • client_id
  • client_secret
  • code (authorization code that you recently get from the browser)
  • redirect_uri (same that you passed in the above parameter)













Once you send the request, you can see you have an access token.






















Now you have your access token. I hope you like the article. Thank you.

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Implement Authorization in Swagger with Static Value in Header .Net 8

If you want an anonymous user should not run the APIs. To run your API Endpoints From Swagger / Postman / Code the user should pass the head...