Get Azure REST access token in Postman pre-request script


Does anyone know the best way to get an Azure access token in a Postman pre-request script? I am trying to get the token for the currently logged-in user without having to create a service principal, which is described in How to Call the Azure REST APIs with Postman In No Time Flat.

I tried in the pre-request script:

var msRestAzure = require('ms-rest-azure');
function getAccessToken(){
    return msRestAzure.loginWithAppServiceMSI({resource: 'https://management.azure.com/'});
}
pm.globals.set("access_token", getAccessToken());

But it keeps throwing an error: There was an error in evaluating the Pre-request Script: Error: Cannot find module 'ms-rest-azure'.


Solution

  • loginWithAppServiceMSI needs to be used in an App Service; it uses the Managed Identity of the App Service to get the token. Using it in a Postman pre-request script is not supported.

    I have restricted access and am unable to create a service principal that has the access I need. I want to test locally with my credentials.

    In this case, if you want to use your user credentials to get the token in the pre-request script, your option is to use the Azure AD ROPC flow.

    Note:

    1. The ROPC flow is not recommended because of the security issue: you need to expose the username and password in Postman, and if your user account is MFA-enabled, it will not work.

    2. To use this flow, you also need an AD App (App registration). If you don't have permission to create one, the workaround is to use a Microsoft built-in application, e.g. Microsoft Azure PowerShell. You can use this approach for a test, but I don't recommend using it in a production environment.


    Please follow the steps:

    1. Change the pre-request script in the Postman collection as below.

    // Request a token from the Azure AD token endpoint using the ROPC (password) grant.
    pm.sendRequest({
        url: 'https://login.microsoftonline.com/' + pm.variables.get("tenantId") + '/oauth2/token',
        method: 'POST',
        header: 'Content-Type: application/x-www-form-urlencoded',
        body: {
            mode: 'urlencoded',
            urlencoded: [
                {key: "grant_type", value: "password", disabled: false},
                {key: "client_id", value: pm.variables.get("clientId"), disabled: false},
                {key: "username", value: pm.variables.get("username"), disabled: false},
                {key: "resource", value: pm.variables.get("resource"), disabled: false},
                {key: "password", value: pm.variables.get("password"), disabled: false}
            ]
        }
    }, function (err, res) {
        // On a transport error res is not usable, so log the error and stop.
        if (err) {
            console.error(err);
            return;
        }
        // Store the token in the bearerToken global variable.
        pm.globals.set("bearerToken", res.json().access_token);
    });
    

    2. Use the variables as below.

    clientId
    resource
    subscriptionId
    tenantId
    username
    password
    

    Note: The clientId is 1950a258-227b-4e31-a9cf-717495945fc2, which is the clientId of the Microsoft application Microsoft Azure PowerShell; don't change it.

    3. The other settings are the same as in the blog you provided. Then send the request to get the resource groups; it works fine on my side.
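
The token request from step 1, extended as an added example that is not part of the original answer: it reuses the stored token until shortly before `expires_on`, so the password is not posted before every request, and it surfaces the token endpoint's error text when the ROPC request is refused (for example for an MFA-enabled account). The `bearerTokenExpiresOn` variable name and the 5-minute refresh margin are assumptions.

```javascript
// Added example: pure helpers plus Postman glue. Response fields used here
// (access_token, expires_on, error, error_description) come from the Azure AD
// v1 token endpoint response.
const SKEW_SECONDS = 300; // assumption: refresh 5 minutes before expiry

// True when no usable token is cached or it expires within the skew window.
function needsRefresh(token, expiresOn, nowSeconds) {
    const exp = Number(expiresOn);
    return !token || !Number.isFinite(exp) || exp - nowSeconds <= SKEW_SECONDS;
}

// Turns a token-endpoint JSON body into {token, expiresOn}, or throws with the
// server's error text when the response carries no access_token.
function parseTokenResponse(body) {
    if (!body || typeof body.access_token !== 'string') {
        const reason = body && (body.error_description || body.error);
        throw new Error('Token request failed: ' + (reason || 'no access_token in response'));
    }
    return { token: body.access_token, expiresOn: Number(body.expires_on) };
}

// Postman glue: runs only inside the Postman sandbox, where `pm` exists.
if (typeof pm !== 'undefined') {
    const now = Math.floor(Date.now() / 1000);
    // bearerTokenExpiresOn is a hypothetical variable name used by this example.
    if (needsRefresh(pm.globals.get('bearerToken'), pm.globals.get('bearerTokenExpiresOn'), now)) {
        pm.sendRequest({
            url: 'https://login.microsoftonline.com/' + pm.variables.get('tenantId') + '/oauth2/token',
            method: 'POST',
            header: 'Content-Type: application/x-www-form-urlencoded',
            body: { mode: 'urlencoded', urlencoded: [
                { key: 'grant_type', value: 'password' },
                { key: 'client_id', value: pm.variables.get('clientId') },
                { key: 'username', value: pm.variables.get('username') },
                { key: 'resource', value: pm.variables.get('resource') },
                { key: 'password', value: pm.variables.get('password') }
            ] }
        }, function (err, res) {
            if (err) { throw err; }
            const parsed = parseTokenResponse(res.json());
            pm.globals.set('bearerToken', parsed.token);
            pm.globals.set('bearerTokenExpiresOn', String(parsed.expiresOn));
        });
    }
}
```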