
authenticating via postman seems impossible

Open benoitmiserez opened this issue 6 months ago • 2 comments

Hello, thanks for the amazing repo.

I can successfully authenticate via the Swagger docs as explained in the readme, but I am having trouble authenticating via Postman (and other approaches that only use the API). After successfully using the browser to sign in, the /token endpoint is returning 401 Unauthorized.

I traced it back to line 31 in fastapi_msal/security/msal_auth_code_handler.py in MSALAuthCodeHandler().authorize_access_token(), where an auth_code seems to be retrieved from the session.

auth_code: Optional[AuthCode] = await AuthCode.load_from_session(session=SessionManager(request=request))

This does not seem to work via Postman. Is this intended/expected behavior? How can I best solve this?

Thanks in advance!

benoitmiserez avatar Aug 05 '25 13:08 benoitmiserez

Hi @benoitmiserez - Just to confirm, when you mentioned you successfully used the browser to sign in, do you use Postman for that operation? If so, is Postman saving the cookie retrieved from the sign-in operation?

dudil avatar Aug 08 '25 12:08 dudil

Yes, within Postman a browser is opened. I sign in to Microsoft, the browser is closed, and a Microsoft cookie is saved. However, when I debug the request to the /tokens endpoint of my app, there's no session data in the request and so auth_code is None, with a resulting 401 Unauthorized error. Admittedly, I'm new to OAuth so it might be something obvious I'm missing.


benoitmiserez avatar Aug 08 '25 13:08 benoitmiserez
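
A minimal model of the behaviour described in this thread, added here as an example and not fastapi_msal's own code: a token endpoint that reads the auth code from the app's session returns 401 whenever the request does not carry a valid session cookie issued by the app itself. It assumes a signed-cookie session; the secret, cookie names and handler names are hypothetical.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value, stands in for the app's session secret

def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def make_session_cookie(data: dict) -> str:
    """Serialize session data and append an HMAC so the server can detect tampering."""
    payload = base64.urlsafe_b64encode(json.dumps(data).encode())
    return f"{payload.decode()}.{_sign(payload)}"

def load_session(cookie) -> dict:
    """Return session data, or an empty session if the cookie is absent or invalid."""
    if not cookie or "." not in cookie:
        return {}
    payload, sig = cookie.rsplit(".", 1)
    if not hmac.compare_digest(sig.encode(), _sign(payload.encode()).encode()):
        return {}
    return json.loads(base64.urlsafe_b64decode(payload))

def sign_in_callback(auth_code: str) -> dict:
    """Browser leg (hypothetical handler): store the code in the app session, set the cookie."""
    return {"status": 302, "set_cookie": make_session_cookie({"auth_code": auth_code})}

def token_endpoint(cookies: dict) -> dict:
    """API leg (hypothetical handler): the code is only reachable through the app session."""
    auth_code = load_session(cookies.get("session")).get("auth_code")
    if auth_code is None:
        return {"status": 401, "detail": "Unauthorized"}
    return {"status": 200, "redeemed_code": auth_code}

def demo() -> dict:
    cookie = sign_in_callback("constructed-code-123")["set_cookie"]
    tampered = cookie[:-1] + ("0" if cookie[-1] != "0" else "1")
    return {
        # Client replays the app's own session cookie on the token request.
        "with_app_cookie": token_endpoint({"session": cookie})["status"],
        # Client holds only a cookie from the identity provider's domain.
        "idp_cookie_only": token_endpoint({"idp_cookie": "constructed"})["status"],
        # Client sends a modified session cookie; the signature check rejects it.
        "tampered_cookie": token_endpoint({"session": tampered})["status"],
    }

if __name__ == "__main__":
    print(demo())
```

When debugging a case like this one, checking which domain each stored cookie belongs to, and whether the app's session cookie is attached to the token request, separates a missing-session problem from a rejected-code problem.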