I recently had a puzzling situation: I was using Postman to call K2 APIs secured with Azure AD, as described in K2 Help article https://help.k2.com/kb002838. In this scenario, a bearer token is used for authentication. I had a requirement to test calls to the API using different accounts – which means that a different bearer token should be retrieved for different calls. However, during my research, at one point I clicked the wrong button on the “Stay Signed In?” screen presented after login, which essentially blocked me from being able to switch accounts in the future.
As I clicked ‘Yes’ on the screen above, I was not presented with a login prompt anymore – and Postman would call the API and obtain a token for that particular account.
I tried to clear storage in Postman, but that did not help. I was constantly logged in to that account.
So, there has to be a better way.
Open https://login.microsoftonline.com/logout.srf and log out from services. So, I executed the call from the same Postman tab which I used to access the API:
That indeed signed me out from Azure AD, and I was able to log in again with a different account.
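When switching accounts like this, it helps to confirm which account a freshly obtained bearer token was actually issued to before running the test calls. The following is an added example, not part of the original post: a Node.js sketch that decodes the token payload and compares the account claim. The sample token, account names and helper names are constructed for illustration, and the signature is not verified, so this is for inspection only.

```javascript
// Decode the payload of a JWT without verifying its signature.
// Inspection only: never base an authorization decision on this.
function decodeJwtPayload(token) {
  const parts = String(token).replace(/^Bearer\s+/i, "").split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 dot-separated parts");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Collect the identity claims Azure AD places in a token.
// v2.0 tokens carry preferred_username; v1.0 tokens carry upn / unique_name.
function tokenAccount(token) {
  const c = decodeJwtPayload(token);
  return {
    account: c.preferred_username || c.upn || c.unique_name || null,
    objectId: c.oid || null,
    tenantId: c.tid || null,
    expires: c.exp ? new Date(c.exp * 1000).toISOString() : null,
  };
}

// True when the token was issued to the expected account (case-insensitive).
function issuedTo(token, expectedAccount) {
  const { account } = tokenAccount(token);
  return account !== null && account.toLowerCase() === expectedAccount.toLowerCase();
}

// Build a constructed sample token (fake claims, fake signature).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "none", typ: "JWT" }), enc(claims), "constructed-signature"].join(".");
}

const sample = makeSampleToken({
  upn: "alice@contoso.example",                 // constructed account
  oid: "00000000-0000-0000-0000-000000000001",  // constructed object id
  tid: "00000000-0000-0000-0000-0000000000aa",  // constructed tenant id
  exp: 1700000000,
});

console.log(tokenAccount(sample));
// A cached session shows up here: the test expected bob, the token says alice.
console.log("issued to bob?", issuedTo(sample, "bob@contoso.example"));
```

If `issuedTo` returns false for the account you meant to test with, the cached Azure AD session is still in effect and the sign-out step above needs to be repeated.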
Don’t use “Stay Signed In?” while testing API calls from Postman.
Until the next time!