Postman, Azure AD and ‘Stay Signed In?’

Tags: Postman, Azure, Azure AD, K2 API

I recently had a puzzling situation: I was using Postman to call K2 APIs secured with Azure AD, as described in the K2 Help article https://help.k2.com/kb002838. In this scenario a bearer token is used for authentication. I had a requirement to test calls to the API using different accounts, which means that a different bearer token should be retrieved for different calls. However, during my research, at one point I clicked on the wrong button on the “Stay Signed In?” screen presented after login, which essentially blocked me from being able to switch accounts in the future.

You don't want to click 'Yes' here

As I clicked ‘Yes’ on the screen above, I was not presented with a login prompt any more, and Postman would call the API and obtain a token for that particular account.

I tried to clear storage in Postman, but that did not help. I was constantly logged in to that account.

So, there has to be a better way.

Solution

The solution to this problem was quite simple and is written down in an Azure AD support article (linked from a StackExchange thread):

Open https://login.microsoftonline.com/logout.srf and log out from services. So, I executed the call from the same Postman tab which I used to access the API.

That indeed signed me out from Azure AD, and I was able to log in again with a different account.

Lesson learned

Don’t use “Stay Signed In?” while testing API calls from Postman.

Until the next time!

Dragan
