Validating Client ID And Client Secret Using POSTMAN

Introduction

When an app is registered in Azure AD, when using Client Credentials flow it needs to be added with client ID and client Secret for authentication and authorization. Note that the validity of the client credentials (Client ID and Client Secret) can be configured to a minimum of 6 months and extended to 3 years. More about creating an Azure AD App can be found in the references section. The scope of this article is to validate if the Client ID and Client Secret are valid and checking that App can perform the operations defined in scope. We will test using GET, POST and DELETE operations uisng POSTMAN. 

In the article, we will go through one of the App registrations in Azure and verify the scope and permissions and validate the Client ID and Client Secret. Thanks to my colleague Sujit Nambiar for helping in writing this article and troubleshooting the issues that came across. 

Validating Azure AD App

We will go through the below steps to examine the details of Azure AD app, where we need to test it using POSTMAN tool.

Step 1

Login to https://aad.portal.azure.com - Azure Active Directory and click on ‘Application Registrations’.

Step 2

Look for the Application that you need the details for. In my case below are the details that we can get following details

• Client ID
• Tenant ID

Note: Client Secret value is only shown during the time of creation under ‘certificates and secrets. After you navigate away then the client secret is hidden and shown as secure text.

Step 3

Review the API permissions for the app and make sure it has required scopes configured and have the admin consent granted.

As shown in screen capture it has following application permissions defined. This is sufficient to create a channel and delete a channel using Graph API endpoints.

• Channel.Create
• Channel.Delete.All

These steps conclude with the verifying Enterprise Azure AD App, and then validating the Azure AD App details.

Testing using POSTMAN

In this section, we will use POSTMAN tool to test the Graph API End Points using the above Azure AD App details.

Step 1

Open the POSTMAN tool from your machine. Please refer to references section on how to install POSTMAN on windows 10.

Step 2

From the home page, go to a workspace. You can go to any workspace. For this article, I am going to ‘My Workspace’.

Step 3

In the next page, try to create a new collection by clicking on + sign. It is easy to refer to the operation we performed for future references. This step is not mandatory but encouraged.

Step 4

Rename the collection as ‘Teams Channel API Test’.

Step 5

In the next step, click on ‘Add a request’ link.

Step 6

Now rename the request to ‘Create Channel’. The graph endpoint to create the channel is

https://graph.microsoft.com/v1.0/teams/{TEAMID}/channels

The request type is ‘POST’.

Step 7

Now it is required to get a Team ID where the channel needs to be created. The simple option is to go to Graph Explorer https://developer.microsoft.com/en-us/graph/graph-explorer and see where you have been added as owner or member. For this you can login to graph explorer with your organization ID and look for sample query call ‘my joined teams’.

Step 8

On success it should give you 200 responses, then look for “id” property in the “value” array. In this case, I am taking the ID of a test time called ‘QAVinay’ where I am a member. The ID property can be found from the JSON response.

Step 9

Now we have the Team ID, and we are ready to test the API from the POSTMAN. Go back to POSTMAN tool, format the URL as below. Change the request type to ‘POST’. From step 6 from the previous section, replace the ‘Team-ID’ with the ID value you got from the graph explorer.

https://graph.microsoft.com/v1.0/teams/c45709b7-369b-4cdf-8853-0cb84554c322/channels

The screen should look like below. The URL should be changing based on the ID property of your team.

Step 10

Now go to ‘Authorization’ tab, select the ‘Type’ as ‘OAuth 2.0’.

Step 11

In the configure new token section, Enter the following

• Token Name: It can be anything. I am entering as ‘Channel Token’.
• Grant Type: ‘Client Credentials’. Since I already have Client ID and Client Secret for the App. Note Client Secret can only be seen once the Client ID is created. After you navigate away and comeback it will be appearing as secure text. Make sure you note the Client Secret while creating and configuring the App.
• Access Token URL: it should be in format of https://login.microsoftonline.com/{TENANT-ID}/oauth2/v2.0/token. Replace {TENANT-ID} with your Azure AD Tenant ID. You can get the Tenant ID from the Azure AD App overview section as mentioned in the above section.
• Client ID: the value that you got while configuring the ‘Certificates and Secrets’.
• Client Secret: the value that you got while configuring the ‘Certificates and Secrets’.
• Scope: https://graph.microsoft.com/.default. This is very important step. The default basically gets the scopes that are defined while creating the Azure AD App.
• Client Authentication: Leave it as default which is ‘Send as Basic Auth Header’.

 

Step 12

On success, you get the below screen

Step 13

Now click on ‘Use Token’. Which means this token will be used to interact with Graph End Points.

Step 14

Now go to ‘Body’ tab and select the ‘raw’ and give the properties in the JSON format. You can update the below JSON properties as per your needs. 

{
  "displayName": "TestChannel08272025",
  "description": "This channel is where we debate all future architecture plans",
  "membershipType": "standard"
}

Step 15

Now you are ready to test the Graph End Point to create channel. Click on ‘Send’.

On success you will get the following response, with status ‘201’.

Step 16

Validate the channel creation by going to respective teams.

It initially shows ‘1 hidden channel’ and on clicking on it, it shows up

The above steps confirms that the channel creation is successful, and the Azure AD Enterprise APP is working as expected and the APP has required API permissions defined.

Step 17

In the same way, we can test for channel deletion. The Graph API end point to delete the channel ID is

https://graph.microsoft.com/v1.0/teams/{TEAM-ID}/channels/{CHANNEL-ID}

Replace the {TEAM-ID} and {CHANNEL-ID}

Step 18

Now try to save the ‘Create Channel’ request in POSTMAN. This will help in reducing some repetitive steps for the next operation. Moreover you can come back and execute this API test with very minimal clicks. 

Step 19

Now try to save as the ‘Create Channel’ request in POSTMAN as ‘Delete Channel’.

Step 20

Now change the method as ‘DELETE’ and then append the channel ID. The channel ID should be seen in the request body.

Step 21

For deleting channel, there is no further configuration required, you can now click on ‘Send’.

On success, the response should be 204 ‘No Content’.

Step 22

Go back to your teams and observe the previously created channel exists no more.

Only the ‘General’ channel is shown.

Conclusion

Thus, in this article, we have done the following

• Verified the Azure AD App and got the App Details
• Used POSTMAN tool to test App functions by interacting with Graph API end points.

References

• https://stackoverflow.com/questions/44945663/postman-error-tunneling-socket-could-not-be-established-statuscode-407
• https://www.geeksforgeeks.org/how-to-download-and-install-postman-on-windows/
• https://docs.microsoft.com/en-us/graph/api/channel-post?view=graph-rest-1.0&tabs=http