authenticating via postman seems impossible

[benoitmiserez]

Hello, thanks for the amazing repo.

I can successfully authenticate via the swagger docs as explained in the readme, but I am having trouble authenticating via postman (and other approaches that only use the API). After successfully using the browser to sign in, the /token endpoint is returning 401 Unauthorized.

I traced it back to line 31 in fastapi_msal/security/msal_auth_code_handler.py in MSALAuthCodeHandler().authorize_access_token(), where an auth_code seems to be retrieved from the session.

auth_code: Optional[AuthCode] = await AuthCode.load_from_session(session=SessionManager(request=request))

This does not seem to work via postman. Is this intended/expected behavior? How can I best solve this?

Thanks in advance!

[dudil]

Hi @benoitmiserez -
Just to confirm, when you mentioned you successfully using the browser to sign in
Do you use postman for that operation? if so does postamn is saving the cookie rerieved from the sign-in operation?

[benoitmiserez]

Yes, within Postman a browser is opened. I sign in to Microsoft, the browser is closed, and a Microsoft cookie is saved. However, when I debug the request to the /tokens endpoint of my app, there's no session data in the request and so auth_code is None, with a resulting 401 Unauthorized error. Admittedly, I'm new to Oauth so it might be something obvious I'm missing.