Advanced OAuth2 request with custom header

Ask the Experts and Postman Tips
1

Hello. I’m trying to execute an OAuth2 interactive request from Postman using the Advanced feature and adding a custom header. Per this except from the documentation, I should be able to add one:

Auth Request , Token Request , and Refresh Request - Define any custom parameters you want to send with auth requests, token requests, or refresh requests. For each key-value pair you define, select an option to send the parameter in the request body, request URL, or request headers.

However, I don’t get the option to specify how to send the auth request. By default, it’s sending the KVP in the query string. How do I get this to be sent via a custom header instead? Basically, I need to be able to send a custom JWT using Demonstrated Proof of Possession (DPoP) which I can’t do using a query string per RFC 9449. Is there some way to do this using a pre-request script instead? Thanks in advance for your help.

2

I managed to get a working solution by executing a dummy request first and using a pre-request script to generate a JWT then setting an environment variable with this value. From there, I executed an OAuth2 request via the Get New Access Token button, authenticated interactively, then called a target API passing my AT and a new DPoP token set with a pre-request script similar to the first one I generated. Would be nice not to have to do the dummy request to set my initial DPoP token, but it works.

Postman_OAuth2_dpop_custom_header
Postman_OAuth2_dpop_custom_header660×140 7.17 KB