Not seeing any way to clear user signin used for authorization | Get New Access Token

authentication
#1

I followed the instructions at https://www.bruttin.com/2017/11/21/azure-api-postman.html for details on how to configure the Authorization | “Get New Access Token” dialog to acquire an Azure Active Directory [azuread] OAuth token for a given public client app to talk to a specific backend web API.

The first time I did this, a credentials collection dialog popped up, during which I provided my azuread organization / work or school account [wsa] credentials or a valid Microsoft account [msa], given the public client app was configured to allow both types of sign-ins.

All the tokens acquired have the claimset associated with that user I initially signed in with. I’ve not found any way to clear that seemingly cached signin in order to test using tokens acquired with the claimset of a different test user.

How do I flush the cached signin so I can use a different account?


#2

Hey @myusrn, can you check whether you have a computed Authorization header added to your requests in the Headers tab in Postman? That might be causing the issue.

If that is not the case, can you describe your flow a little better?


#3

@deepak.pathania I’m not sure how I would determine if I have “a computed Authorization header added to your/my requests in the Headers tab in Postman”.

In the Authorization tab I followed the steps outlined in the URL I shared in the original post, where “Get new access token” makes use of Grant Type = Authorization Code settings when I hit “Request Token” in that dialog.

I then use the Type = “OAuth 2.0” and Add authorization data to = “Request Headers” section settings to cause the “Preview Request” button to insert the recently acquired token into the Headers tab as a Key = “Authorization” and Value = "Bearer " setting.

The question I have is how do I get back into the state where the Authorization tab’s “Get New Access Token” will prompt me for username & password credentials, versus what appears to be a cached version of those credentials, so I can use alternative credentials for the token acquisition?


#4

Hey @myusrn, the Authorization key with Bearer value is what I was referring to in my answer. Any request you make with that header would use the cached sign-in you mentioned, since that header is used in the requests.

There is no explicit prompt that will ask you to re-enter credentials. If you need to use a different user’s creds, you’ll have to follow the steps you initially followed and preview the request again to use that user’s account.

Hope this helps.


#5

Hi @deepak.pathania, thanks for the follow-up. I am seeing nothing in the instructions at https://www.bruttin.com/2017/11/21/azure-api-postman.html outlining how to fill out the Postman “Get New Access Token” dialog that details how you get it to prompt you for user principal credentials again. Am I overlooking something obvious?


#6

This might help.

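
Added example, not part of any post in this thread: the Azure AD authorize endpoint accepts a `prompt` query parameter (`login` forces credential entry, `select_account` shows the account picker), so one way to test with a different user is to append it to the Auth URL used in the “Get New Access Token” dialog and then confirm from the token's claims which user it was issued to. The tenant, resource and token values are constructed placeholders, the helper names are hypothetical, and it is an assumption that the dialog passes the Auth URL query string through unchanged.

```javascript
// Added example; tenant, resource and user values below are constructed placeholders.

// Return authUrl with a `prompt` parameter set, keeping any query parameters
// (for example resource=...) that were already present on the URL.
function withPrompt(authUrl, prompt = "login") {
  // login = force credential entry, select_account = show the account picker
  const allowed = ["login", "select_account"];
  if (!allowed.includes(prompt)) throw new Error(`unsupported prompt: ${prompt}`);
  const url = new URL(authUrl);
  url.searchParams.set("prompt", prompt);
  return url.toString();
}

// Decode (NOT verify) a JWT payload and return the claims that identify the user.
// Only for checking which test account a token belongs to, never for trust decisions.
function tokenIdentity(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const claims = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  return {
    user: claims.preferred_username || claims.upn || claims.unique_name || null,
    oid: claims.oid || null, // user object id
    tid: claims.tid || null, // tenant id
  };
}

// True when two tokens were issued to the same user object in the same tenant.
function sameUser(jwtA, jwtB) {
  const a = tokenIdentity(jwtA), b = tokenIdentity(jwtB);
  return a.oid !== null && a.oid === b.oid && a.tid === b.tid;
}

// Constructed sample tokens with a fake signature, built only to exercise the helpers.
function fakeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.sig`;
}
const tokenA = fakeJwt({ upn: "alice@contoso.example", oid: "oid-a", tid: "tid-1" });
const tokenB = fakeJwt({ preferred_username: "bob@contoso.example", oid: "oid-b", tid: "tid-1" });

const authUrl = "https://login.microsoftonline.com/TENANT_PLACEHOLDER/oauth2/authorize?resource=https%3A%2F%2Fapi.example";
console.log(withPrompt(authUrl));
console.log(tokenIdentity(tokenA), tokenIdentity(tokenB), sameUser(tokenA, tokenB));
```

If two consecutive token requests return the same `oid`, the identity provider's session cookie was reused and the second sign-in never prompted.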