Hi, I’m trying to test an end-to-end OAuth2 flow including logout. I can log in/authorize fine using the Auth panel/Get New Access Token button, and this creates a token somewhere. What I want to do is to test a Logout endpoint and make sure that the cookie created when the access token is generated gets cleared. I am using the built-in web viewer (“Authorize using browser” is off).
While I know that the “Clear cookies” button will clear all Auth cookies, that is not what I want to do. I want to let the Logout function do the clearing, and it does not appear that it is.
When I go to DevTools, either Current Shell or Current View, I am unable to find the OAuth cookie/s, which makes me think that Postman might be creating something akin to an Incognito window whose cookies/local storage are separate from the rest of Postman.
Is there any way to share the “browser instance” used by Postman Requests and the Auth Get New Access Token functionality?
You might have to do this as separate steps, which gives a bit more control over the Authorization tab. Either by setting up a pre-request using sendRequest to generate the token, or a folder with a login request that saves the variable to be used in the next request.
All this really does usually is set a header prefix called bearer with the token added to it.
Your logout endpoint should report a successful logout. That is the first test.
You could then try the previous request again which should throw up an authorisation error as the token is no longer valid.
Step 1: Login (generate token and store in variable - assert that token is returned)
Step 2: Request 1 (using the token generated in step 1 as the bearer token). Assert that the data being returned is correct.
Step 3: Logout (assert that you get a logout success message)
Step 4: Request 1 (using same token as before). Assert that you get an authorisation error.
How to check cookies specifically. Sorry, I don’t know.
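The four-step check from the reply above, as an added example that is not part of the original thread. It runs the steps against a constructed in-memory stub instead of a real API, and goes one case further by also running them against a stub whose logout reports success without invalidating the token, which only step 4 catches. All names here (`makeStubApi`, `runLogoutFlow`, the `/login`, `/data` and `/logout` paths, the response shapes) are assumptions.

```javascript
// Constructed in-memory stand-in for the API under test (hypothetical paths and bodies).
// revokeOnLogout=false models a logout that reports success but leaves the token usable.
function makeStubApi({ revokeOnLogout }) {
  const live = new Set();
  let counter = 0;
  const bearer = (req) => (req.headers.Authorization || "").replace(/^Bearer /, "");
  return function send(req) {
    if (req.path === "/login") {
      const token = "constructed-token-" + (++counter);
      live.add(token);
      return { status: 200, body: { access_token: token } };
    }
    // Every other path needs a token the server still considers live.
    if (!live.has(bearer(req))) return { status: 401, body: { error: "unauthorized" } };
    if (req.path === "/logout") {
      if (revokeOnLogout) live.delete(bearer(req));
      return { status: 200, body: { message: "logged out" } };
    }
    return { status: 200, body: { data: "ok" } };
  };
}

// Runs the four steps in order and records one pass/fail result per step.
function runLogoutFlow(send) {
  const results = [];
  const check = (step, ok) => results.push({ step, ok });

  const login = send({ path: "/login", headers: {} });
  const token = login.body.access_token;
  check("1 login returns token", login.status === 200 && typeof token === "string" && token.length > 0);

  const headers = { Authorization: `Bearer ${token}` };
  const before = send({ path: "/data", headers });
  check("2 request with token succeeds", before.status === 200 && before.body.data === "ok");

  const logout = send({ path: "/logout", headers });
  check("3 logout reports success", logout.status === 200);

  // Replay the exact same token: a correct logout makes this fail with 401.
  const after = send({ path: "/data", headers });
  check("4 same token is rejected", after.status === 401);
  return results;
}

// Names of the steps that failed for a given API.
const failed = (send) => runLogoutFlow(send).filter((r) => !r.ok).map((r) => r.step);

console.log(failed(makeStubApi({ revokeOnLogout: true })));
console.log(failed(makeStubApi({ revokeOnLogout: false })));
```

In Postman, `send` corresponds to the separate requests in the folder, with the token carried between them in a variable.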