Setting Azure AD B2C Authentication in Postman

Azure AD B2C has been good so far, mostly because of the 50k free user authentication 😇; also, it just works. The problem I had using B2C with a backend was acquiring and testing tokens in development.

Yes, Azure AD B2C has Resource Owner Password Credential (ROPC) flow that allows you to get tokens by just posting your username and password, but they don’t recommend it. Though, I have been using that locally to get the tokens.

With the new update of Postman (version 8+), it's easy to set OAuth 2.0 based authentication.

So, let's set it up.

Setup Azure AD B2C

Note: This article assumes that you have basic knowledge about OAuth 2.0 and Azure AD B2C

Before we get the tokens, we should tell Azure AD B2C that we want to authenticate using the Authorisation code flow with Proof Key for Code Exchange (PKCE).

At the time of writing this article, Azure AD B2C supports the following platforms:

  1. Web
  2. Single-page application
  3. Mobile and desktop application
  4. iOS/macOS
  5. Android

For web applications you need client security code because as far as I have tested it, it doesn’t work with PKCE. I chose — Mobile and desktop application — because Postman is a desktop application. Let’s add a platform first:

  1. In Azure AD B2C directory, select — App registrations - from the left menu
  2. Under Owned applications tab, select your application.
  3. From the left menu, under Manage section, select Authentication
  4. Under — Platform configurations — click on Add a platform. This should open a drawer from right. Then select the — Mobile and desktop applications.

Add a new platform

  5. According to their documentation, the callback URL should be —, add that and click Configure.

Adding callback URL (callback URL has changed, this is an old image)

This will create the appropriate platform.

  6. Also, on the same page, under Implicit grant and hybrid flows, make sure Access tokens and ID tokens are ticked.

Enable grants

Setup Postman

At this point make sure you know your endpoints for — authorize and token, mine is:

Let's set up OAuth 2.0:

Go to the collection settings, click on the Authorization tab, and do the following:

Configure New Token


Screenshot of Postman authentication setup
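
What a client such as Postman does for Authorization Code with PKCE, as an added example that is not part of the original article: it creates a code_verifier, sends only its S256 challenge to the authorize endpoint, and later presents the verifier at the token endpoint in place of a client secret. The endpoint, client ID and redirect URI are constructed placeholders, and `server_accepts` is a hypothetical stand-in for the check the identity provider performs.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Constructed placeholders, not values from the article: use your own tenant's.
AUTHORIZE_URL = "https://idp.example/oauth2/v2.0/authorize"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://client.example/callback"

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_verifier(n_bytes: int = 32) -> str:
    """Random code_verifier; 32 bytes encode to 43 characters."""
    return b64url(secrets.token_bytes(n_bytes))

def challenge_for(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def authorize_url(verifier: str, scope: str, state: str) -> str:
    """Step 1: only the challenge travels through the browser redirect."""
    params = {
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "scope": scope, "state": state,
        "code_challenge": challenge_for(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)

def token_request_body(code: str, verifier: str) -> dict:
    """Step 2: the verifier, not a client secret, proves who started the flow."""
    return {
        "grant_type": "authorization_code", "client_id": CLIENT_ID,
        "code": code, "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
    }

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """Hypothetical stand-in for the identity provider's check at the token endpoint."""
    return secrets.compare_digest(stored_challenge, challenge_for(presented_verifier))

if __name__ == "__main__":
    v = make_verifier()
    print(authorize_url(v, "openid", secrets.token_urlsafe(16)))
    print(server_accepts(challenge_for(v), v))                # legitimate client
    print(server_accepts(challenge_for(v), make_verifier()))  # intercepted code, wrong verifier
```

An authorization code intercepted on the redirect is useless without the matching verifier, which is why a desktop client can use this flow without storing a client secret.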


These steps should be similar to other OAuth providers. Do give it a try and let me know if there is room for improvement. I hope this article helps you in your development.

Originally published at:




PhD student, currently doing research on Spiking Neural Networks and Brain Computer Interfaces

Akshay Gollahalli