Change OAuth2.0 token using pre-test script

Ask the Experts and Postman Tips
,
1

My question: How do I programmatically specify the token used in the Authorization tab of an API call?

Details (like screenshots): I have multiple tokens saved in Postman for multiple different “users”. These are visible under “Manage Tokens”, and they each have different names. Each contains various unique attributes that you would expect for OAuth2.0 validation, such as the access token, refresh token, expiry date etc.

I would like to run the same collection multiple times, once for each different “user” (a.k.a. unique token that I have stored). I am not sure how to change the token being used, other than by clicking the drop-down menu under the Authorization tab.

How I found the problem: I understand this can be done by manually specifying headers as variables, but I like how Postman automatically handles refreshing the access token if you use the Authorization tab.

I’ve already tried: pm.environment.set(“currentAccessToken”) = myTokenName in pre-test script

2

You can emulate the refreshing of the token in a pre-request script and you’ll have full control over the headers.

The following is an example of authenticating to Microsoft.

pm.test("Check for collectionVariables", function () {
    let vars = ['clientId', 'clientSecret', 'tenantId', 'username', 'password', 'scope'];
    vars.forEach(function (item, index, array) {
        console.log(item, index);
        pm.expect(pm.collectionVariables.get(item), item + " variable not set").to.not.be.undefined;
        pm.expect(pm.collectionVariables.get(item), item + " variable not set").to.not.be.empty; 
    });

    if (!pm.collectionVariables.get("bearerToken") || Date.now() > new Date(pm.collectionVariables.get("bearerTokenExpiresOn") * 1000)) {
        pm.sendRequest({
            url: 'https://login.microsoftonline.com/' + pm.collectionVariables.get("tenantId") + '/oauth2/v2.0/token',
            method: 'POST',
            header: 'Content-Type: application/x-www-form-urlencoded',
            body: {
                mode: 'urlencoded',
                urlencoded: [
                    { key: "client_id", value: pm.collectionVariables.get("clientId"), disabled: false },
                    { key: "scope", value: pm.collectionVariables.get("scope"), disabled: false },
                    { key: "username", value: pm.collectionVariables.get("username"), disabled: false },
                    { key: "password", value: pm.collectionVariables.get("password"), disabled: false },                    
                    { key: "client_secret", value: pm.collectionVariables.get("clientSecret"), disabled: false },
                    { key: "grant_type", value: "password", disabled: false },
                ]
            }
        }, function (err, res) {
            if (err) {
                console.log(err);
            } else {
                pm.test("Status code is 200", () => {
                    pm.expect(res).to.have.status(200);
                });
                let resJson = res.json();
                pm.collectionVariables.set("bearerTokenExpiresOn", resJson.expires_in);
                pm.collectionVariables.set("bearerToken", resJson.id_token);
            }
        });
    }
});