I’m trying to test an api that needs google account login from my webapp. Basically I’m trying to simulate google login on the webapp by using OAuth 2.0. The webapp gets the code after authenticating and passes on to the backend. The backend utilizes the secretid and clientid for logging on.
I went through the OAuth 2.0 related postman tutorials and questions but the content I went through didn’t answer my questions fully.
The web app auth flow:
- Webapp has an oauth clientid that is used for authentication, and after choosing an account to log in, it fetches a one time code from google and passes it forward to our backend api.
- Backend does the authentication if the user is right, which uses the secret along with clientid.
From what I’ve understood so far, Postman needs both clientid and secret.
So my questions are: Is there a way I can automate the above flow with Postman? What I need is essentially just the one time token from Google. For this no secret is necessary. In the OAuth2.0 access token request, I cannot provide the secret key along with the client id.
And secondly, I do not see a way to enter a gmail id in the auth flow anyway. So how will it work when I actually run the test, will I be presented with an option where I need to provide gmail authentication?
Apologies if I overlooked any existing tutorials/questions that cover it. In which case, could you point me to the right tutorial for google authentication the way my app uses it? Let me know if there’s anything I can clarify.