Why is a redirect URL needed when setting up Postman with the Microsoft Graph API?


According to the document here, a redirect URI is needed.

  1. Set the Redirect URI to https://oauth.pstmn.io/v1/browser-callback.

When you use a browser to access and run a B2C policy, the redirect URL (normally your application) will be used to receive the ID token/auth code. But I don't think people will use Postman to do that. Instead, Postman only uses client secrets to get a token directly by calling https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token

I feel the Azure document is very confusing.


Solution

  • Note that: Postman supports both user interactive and non-interactive flows.

    For user interactive flows, to authenticate with the browser you need to set a callback URL as https://oauth.pstmn.io/v1/browser-callback.

    Hence, if you are choosing a user interactive flow according to this MsDoc, you need to configure the redirect URL in the application like below:

    You can also set/customize the redirect URL based on your requirement:

    If you are making use of a non-user interactive flow such as the client credential flow, then there is no need to configure a redirect URL:

    References:

    OAuth 2.0 client credentials flow on the Microsoft identity platform - Microsoft identity platform | Microsoft

    Authenticate with OAuth 2.0 authentication in Postman
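
Added example (not part of the original question or answer, and not Microsoft's or Postman's code): the two flows side by side, showing where `redirect_uri` appears and what the client should check when the browser returns. It only builds the requests and sends nothing; the tenant ID, client ID, the `User.Read` scope and the use of PKCE are assumptions for illustration.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0"
POSTMAN_CALLBACK = "https://oauth.pstmn.io/v1/browser-callback"  # value from the page

def start_interactive(tenant, client_id, redirect_uri=POSTMAN_CALLBACK):
    """Interactive flow, step 1: the URL the user's browser is sent to."""
    verifier = secrets.token_urlsafe(48)            # PKCE secret, kept by the client
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
    state = secrets.token_urlsafe(16)               # ties the response to this request
    query = urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri,               # where the browser delivers the code
        "scope": "https://graph.microsoft.com/User.Read",   # assumed scope
        "state": state, "code_challenge": challenge,
        "code_challenge_method": "S256"})
    return AUTHORITY.format(tenant=tenant) + "/authorize?" + query, state, verifier

def redeem_code_body(callback_url, expected_state, verifier, client_id,
                     redirect_uri=POSTMAN_CALLBACK):
    """Interactive flow, step 2: check the callback, then build the /token form."""
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != redirect_uri:
        raise ValueError("callback did not arrive at the registered redirect URI")
    params = parse_qs(parsed.query)
    got_state = params.get("state", [""])[0]
    if not secrets.compare_digest(got_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    # A confidential (web) client would also send client_secret here.
    return {"grant_type": "authorization_code", "client_id": client_id,
            "code": params["code"][0], "redirect_uri": redirect_uri,
            "code_verifier": verifier}

def client_credentials_body(client_id, client_secret):
    """Non-interactive flow: one direct POST to /token, no browser, no redirect_uri."""
    return {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
```
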