Azure AD and Azure Functions authentication 401 problems with access tokens

This is a very annoying thing since most documentation describing Azure AD user authentication is not very clear about using access tokens to authenticate a user.

If you follow the example on the Microsoft pages you will be doing all the right things, but if you intend to use an access token to authenticate you will likely encounter a 401 even if you pass a proper access token, especially if you are using Postman.

https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

This happens because you are using the wrong version of the Azure AD authentication API URLs.

The fix is to use v2.0 of the login URLs and scopes.

Auth URL:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize

Access Token URL:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

Scope:

{clientId}/.default

Found the fix finally on Stack Overflow after a lot of searching. It’s hard to find the exact documentation that you need: https://stackoverflow.com/questions/57496143/azure-functions-returns-401-unauthorized-only-with-postman
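To see why a particular token gets a 401, you can decode its claims and compare them with what the Function App expects. This is an added example, not code from the Microsoft docs or the Stack Overflow answer; it assumes the app is configured with the v2.0 issuer and accepts the client ID (or `api://` plus the client ID) as audience, and the tenant ID, client ID and tokens are constructed sample values.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))

def diagnose(token: str, tenant: str, client_id: str) -> list:
    """List mismatches between the token and what the app is assumed to accept."""
    claims = decode_claims(token)
    problems = []
    # Assumption: accepted audiences are the client ID or api://<client ID>.
    if claims.get("aud") not in (client_id, f"api://{client_id}"):
        problems.append(f"aud is {claims.get('aud')!r}, not this app")
    # Assumption: the app's issuer URL is the tenant's v2.0 issuer.
    v2_issuer = f"https://login.microsoftonline.com/{tenant}/v2.0"
    if claims.get("iss") != v2_issuer:
        problems.append(f"iss is {claims.get('iss')!r}, expected {v2_issuer!r}")
    if claims.get("ver") != "2.0":
        problems.append(f"ver is {claims.get('ver')!r}, expected '2.0'")
    return problems

def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned token for the demo; real tokens come from Azure AD.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample values (not real tenant or application IDs).
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"
GOOD = make_sample_token({"aud": CLIENT_ID, "ver": "2.0",
                          "iss": f"https://login.microsoftonline.com/{TENANT}/v2.0"})
BAD = make_sample_token({"aud": "33333333-3333-3333-3333-333333333333", "ver": "1.0",
                         "iss": f"https://sts.windows.net/{TENANT}/"})

if __name__ == "__main__":
    for name, tok in (("v2.0 token for this app", GOOD), ("mismatched token", BAD)):
        print(name, "->", diagnose(tok, TENANT, CLIENT_ID) or "claims match")
```

Paste the access token Postman received in place of the sample tokens; decoding is only for troubleshooting and does not replace signature validation on the server.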

For Postman, if you open the Authorization tab in your request, you can ask Azure AD to generate a new access token: