I am trying to write a pre-request script that generates an app secret proof for a Facebook API. I am using the new authentication feature in Postman, but I was wondering whether it is possible to access the token and the app secret in the script. My script is below, with some comments to clarify what I mean:
var access_token = "redacted lol"; // Can I get this from the collection's authorization?
var app_secret = pm.globals.get("appSecret"); // Can I get this from the collection's authorization?
pm.globals.set("appsecret_proof", CryptoJS.HmacSHA256(access_token, app_secret).toString(CryptoJS.enc.Hex));