Can I change the body of /access_token request during the authorization code flow?

wave_stone · January 4, 2021, 10:43am

Hi every body,

I’ve try to generate automatically an access_token with authorization_code flow in Postman.
For that I use the option authorization > Oauth2.0 > Authorization Code.

All my parameters are correct and I can genarate a code.
My issue begin when Postman try to exchange this code on my authorization serveur.
The body of the Postman call is the follow one :
{
grant_type: “authorization_code”,
code: “549d2676-1b80-4219-8f2c-e3a1629b38c5”,
redirect_uri: “https://oauth.pstmn.io/v1/callback”,
client_id: “XXXX”
}
But my Identity provider only accept this type of body :
{
grant_type: “authorization_code”,
code: “549d2676-1b80-4219-8f2c-e3a1629b38c5”,
redirect_uri: “https://oauth.pstmn.io/v1/callback”,
}

So I always receive on error 400 bad request.

I want to know if it’s possible to change the parameter of the code exchange call (/access_token) ?
Or if it’s not, if I can just retrieve the code and made the “/access_token” call alone ?

Thanks for your help.

Kind regards

michal.robaszewski.j · January 4, 2021, 3:38pm

Hi, Welcome in community
From my experience I use standalone request to AUTH server. With all required headers/body.
Those built In authorization options are good for basic OAuth usage and I made it work only once for products that I had worked.
OAuth standard is well documented and fetching token by simple POST is try and err path if you are doing it first time.

So. Create a POST to that URL, In Headers you may or not need basic auth. In content type you should add

Content-Type:application/x-www-form-urlencoded

and body depending from implementation and grant_type should at least got those 3 key-value pairs as you posted.

Then in Tests tab add simple

pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});

if (pm.response.to.be.success) {
    var jsonData = pm.response.json();
    pm.collectionVariables.set("token_auth", jsonData.access_token);
    
}

and on collection level in Auth tab choose bearer token with your’ variable

{{token_auth}}

Topic		Replies	Views
Postman OAuth 2 missing parameter "code" with OpenID Connect 🙋 Help authentication , oauth2	3	51	October 24, 2024
Pass Authentication Code into URL Parameter instead of request body 🙋 Help authentication	2	1013	August 21, 2024
OAuth2 Token into Body 🙋 Help	4	9280	March 10, 2022
Refreshing tokens with authorization code grant flow 🌱 Just Getting Started	4	8343	August 12, 2020
Change the name of the parameter called "access_token" 🌱 Just Getting Started authentication , parameters	5	76	October 19, 2024

Can I change the body of /access_token request during the authorization code flow?

Related topics