Postman, Azure AD and ‘Stay Signed In?’
I recently had a puzzling situation: I was using Postman to call K2 APIs secured with Azure AD, as described in K2 Help article [https://help.k2.com/kb002838. ](https://help.k2.com/kb002838. which) In this scenario bearer token is used for authentication. I had a requirement to test calls to the API using different accounts – which means that different bearer token should be retrieved for different calls. However, during my research, in one moment I clicked on the wrong button on “Stay Signed In?” screen presented after log in, which essentially blocked me from being able to switch accounts in the future.
As I clicked ‘Yes’ on the screen above, I was not presented with login prompt any more – and Postman would call the API and obtain a token for that particular account.
I tried to clear storage in Postman, but that did not help. I was constantly logged in to that account.
So, there has to be better way.
Solution
Solution for this problem was quite simple and written down in Azure AD support article (linked from StackExchange thread):
Open https://login.microsoftonline.com/logout.srf and log out from services. So, I executed the call from same Postman tab which I used to access the API:
That indeed signed me out from Azure AD, and I was able to log in again with different account.
Lesson learned
Don’t use “Stay Signed In?” while testing API calls from Postman.
Until the next time!
Dragan