Project Online Authenticate OData Feed using Azure AD and Postman
I have recently spent a substantial amount of time determining how to authenticate an OData feed from Project Online using Azure AD and Postman. There are many posts in different forums about this, but I wasn't able to find a single post that gave a complete working example. Following is the method that I have used.
ASSIGN PERMISSIONS IN PROJECT ONLINE
Open Server Settings / Manage Groups.
Choose the Group that you want to allow to access the OData Feed and Ensure it has the Access Project Server Reporting Service under General in Global Permissions ticked.
CONFIGURE AZURE AD
Register a new app in Azure.
Define the Redirect Uri. (For postman, use https://oauth.pstmn.io/v1/callback)
Define a client secret
CONFIGURE POSTMAN
Create a new Request and define a Get query along the lines of the following. https://[Your Domain].sharepoint.com/sites/pwa/_api/ProjectData/Projects
This requests a list of projects.
Under params, add a new key accept = application/json if you want Json output. default is XML
Under Authorization Tab, choose the following:
- Type = OAuth 2.0
- Access Token = Available Tokens
- Header Prefix = Bearer
- Token Name = [Any Name you want]
- Grant Type = Authorization
- Code Callback URL = [tick Authorize Using Browser. This will then default to https://oauth.pstmn.io/v1/callback]
- Auth URL = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
- Access Token URL = https://login.microsoftonline.com/common/oauth2/v2.0/token
- Client ID = [From Azure AD] Client Secret = [From Azure AD]
- Scope = https://[Your Tenant Name].sharepoint.com/ProjectWebAppReporting.Read
- State = [Anything you want]
- Client Authentication = Send client credentials in body.
If you enter all of this correctly and then press Get New Access Token, you should see a browser open, enter your credentials and then a token should return to Postman as shown in screenshots below. Press Use Token.
Note, if you are interested to see what the token contains, you can decode it at https://jwt.io/
At this point, press Send, run your query and confirm that the Body contains odata output.
EDIT NOTE:
I have made multiple adjustments to this answer as I identified and resolved multiple roadblocks that I encountered. It turned out to be quite simple in the end, but the key concept that was needed to get this right was that the Scope parameter needed to be targeted to the PWA site. ie. https://[your tenant name].sharepoint.com.au/user.read
- Ruby & IMAP - Accessing Office 365 with Oauth 2.0
- AuthorizedClientServiceOAuth2AuthorizedClientManager: accessToken cannot be null
- 3rd party cookies in Android 14/New Chrome using Angular/Firebase Auth/Hosting and NodeJs in Server
- Swift Discord OAuth2 redirect URi not supported by Client
- Apim policy to validat token for b2b and as well as b2c tenant token endpoints
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Google APIs Console - missing client secret
- Automating access token refreshing via interceptors in axios
- Supabase does not append code parameter to the redirect URL after OAuth login
- How/why is login page redirect required?
- Where can I find a list of scopes for Google's OAuth 2.0 API?
- Using ASP.Net Core Identity in parallel with OpenIdConnect OAuth2
- Spring security JWT without OAuth
- Add OAuth authentication for HTTP request triggers
- Get email, phone, etc from OAuth2 login
- BFF pattern for native apps in OAuth 2.0?
- Why is PKCE `code_verifier` calculated server-side in BFF pattern?
- Apache strips down "Authorization" header
- Fake Firebase Auth Tokens for Test Environment
- Access Not Configured for Google OAUTH Login
- Authenticating to Microsoft 365 SMTP servers via OAuth2 only works for users without MFA
- Getting user data through an Azure AD OAuth login - React Native Expo App
- Callback github URI with Oauth2 and Spring Boot 3.4.0 not found after authentication
- spring oauth client (v6.4.2): does not redirect to oauth-server
- NextJs: server component vs server action
- Why Does OAuth v2 Have Both Access and Refresh Tokens?
- Bot Framework Python SDK ErrorResponseException: Operation returned an invalid status code 'Unauthorized'
- DelegateAuthenticationProvider not found after updating Microsoft Graph
- How to generate and pass CSRF token for a route in spring cloud gateway with Spring Security
- How to set up an (Azure) OAuth2 application for personal Outlook.com accounts (Exchange) for usage with exchangelib?