Use any account that is part of your Azure Active Directory user info and grant access. Once completed, you will get the access token window showing the returned access token with all other info. After closing the screen, click on “preview request”, which adds the Authorization headers to the request.

The issues I encountered when trying to create a new access token: AADSTS70002: The request body must contain the following parameter: ‘client_secret or client_assertion’.

The expected JWS algorithm for securing the ID tokens issued to the client. The default JWS algorithm is RS256, which is a PKCS #1 signature using SHA-256. For some, such as Google Accounts, this is also the only supported one, as advertised in their IdP discovery JSON doc.

I was working on a Web API and published the API to Azure App Service. I then enabled authentication and authorization using Azure Active Directory.

Root Cause: A "Service Principal" is required to synchronize users from the Office 365 Azure Active Directory with MailStore.
I then changed the resource value to the Application ID of the Web API as described above in step 2 and it worked fine.

Postman is a great tool to test REST APIs; however, it was a bit tricky to set up OAuth 2.0 to test the API. I am outlining steps here to set up OAuth 2.0 and use Postman correctly to test Web API on Azure.

The Connect2id server supports additional RSA signatures as well as HMAC’ed ID tokens protected with the client secret. If an OpenID Provider supports multiple ID token crypto algorithms, the one which has been selected for the client at registration time must be used.

    // iss and clientID (the issuer and the registered client ID) are declared earlier
    JWSAlgorithm jwsAlg = JWSAlgorithm.RS256;
    URL jwkSetURL = new URL("https://idp.c2id.com/jwks.json");

    // Create validator for signed ID tokens
    IDTokenValidator validator = new IDTokenValidator(iss, clientID, jwsAlg, jwkSetURL);

This ID token validator will automatically download the JWK set from the IdP and cache the keys to speed up processing. OpenID Providers may rotate keys (Google does it once per day), which will be detected by the validator, so you don’t have to worry about this.

Solution: Please check with the "Get-MsolServicePrincipalCredential" command if the password of the "Service Principal" has expired: https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolserviceprincipalcredential

Use the name of the "Service Principal" that is configured in MailStore to check the password.

Example: command to create a new password for the current "Service Principal": https://docs.microsoft.com/en-us/powershell/module/msonline/new-msolserviceprincipalcredential

Replace the value 'Pa$$w0rd' with your own password.

To set it up, follow the steps below. Here are all the parameter details to request the token successfully:

Give any name for your reference to your token; you could see all the tokens later under the Manage Token options.

Select Authorization Code. To know about each of the grant types, refer to the link https://org/html/rfc6749#page-8

Callback URL for an API app is the same as the API address.
Azure Active Directory - Scope is not a required parameter and can be left blank.