Performing Azure AD OAuth2 Authorization Code Grant flow with PKCE in PostMan

Proof Key for Code Exchange (PKCE) is a mechanism, typically used together with an OAuth2 Authorization Code Grant flow to provide an enhanced level of security when authenticating to an Identity Provider (IDP) to get an access token. In fact for Single Page Applications (SPA), Authorization Code Grant flow with PKCE is now the recommended OAuth2 authentication protocol over its predecessor, the Implicit Grant flow, for acquiring an access token.…

Read More

Using Postman to call the Microsoft Graph API using Authorization Code Flow

Introduction This article will help guide you through utilizing Postman to call a Microsoft Graph Call using the authorization code flow. This is part of a 5 part blog on accessing the Microsoft Graph API utilizing grant types : authorization code, implicit flow, client credentials, password, and refresh token flow. We will be utilizing the same Microsoft Graph call to reduce extraneous details on having to include setting up and…

Read More