I’m trying to use Postman to test a REST service that is protected using JWT tokens retrieved from Auth0 (developer.auth0.com). If I enter the details for Auth0 into Postman and get an access token I get back the following access token data:
To access the service I want to test I need to send the id_token value in a header. However, by default Postman will use the access_token value and there’s no possibility to choose otherwise.
It would be nice if it was possible to choose the token you want to use to send in the authorization header somehow.
@sandeep_varma I am not familiar with Auth0 all that much but I would like to better understand the issue you are facing.
Can you give us some more information on exactly what you are doing? What I am most interested in is the call to Auth0 to get the JWT. I am trying to figure the issue out myself but, as mentioned, I am not familiar with Auth0 and how they create JWTs.
I am using Postman to generate an Auth0 token. I am using OAuth 2.0 to generate it. When I click on Get new access token and enter all the required information, it generates both an Access token and an Id_token, where in my case the Id_token is the JWT token. I want to copy that to my authorization, but I am not able to do that; every time it copies the Access token. It would be helpful for me if I could somehow copy the id_token.
@sandeep_varma I think I understand what you are trying to do.
Can you provide me a sample of the response body from this Auth call? Just remove or edit the data; I only really need the schema of what's returned.
@tmccann, I think Sandeep and I are attempting a similar workflow.
When you set up Postman to get an OAuth 2 access token you can pretty easily set it up so that it will request an access token from Auth0. It’s a very common workflow with a JWT setup to specify the scope as “openid email profile” as in my screenshot below so that you get a JWT back.
When you do this, in the second screenshot you can see that Postman has a field for “Access Token” and another for “id_token”. The “id_token” is the JWT, which is great, and seems very close to what we need. However, there doesn’t appear to be any way to use the “id_token” in the Authorization header rather than the “Access Token” that it uses by default. I don’t think this issue is specific to Auth0, but AWS Cognito and pretty much any service using OAuth 2 with JWTs will have a similar implementation.
I would like this capability as well. I can copy the value of the id_token from the manage access tokens modal and paste it into the token text field and Postman does send that as the Bearer token so it works but isn’t as convenient as having an option to configure PM to use id_token or to take an alternative action in place of “Use Token” to use id_token instead of the access token.
I have the same problem, this is extremely inconvenient. I don’t want to copy and paste, but use it correctly.
The Postman team hear our prayers and answer us.
The Postman team could add an option to select which token we want to provide as Bearer on our API calls, in this case having the possibility to select the id_token instead of the access token.
Is this possible with some hooks and JavaScript such as “pre-request scripts” in Postman?
I also would like this feature. It is annoying that I have to copy the IdToken from the response and paste it to a BearerToken. I would like to have Postman offer a solution on which token to use.
As I see, there is no progress on this topic for the last year and I can’t see any intention from the team to add the feature. Is there anything blocking from doing it or requires some additional research?
I would like to help as much as possible because it seems to be a simple and very powerful feature out of the box…
EDIT:
Could it be that it is just a paid feature, so the Postman team does not add it?
Auth0 authentication needs the audience, but Postman doesn’t allow us to specify this parameter. In this case we need to set the default audience in the Auth0 account. After changing this parameter you will receive the right token.
Just adding another request for this feature; it’s super inconvenient not to be able to use the id_token since the Auth0 workflow seems to work perfectly otherwise within Postman.
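The audience point above can be checked by inspecting the tokens themselves. The following is an added example, not code from any poster or from Postman: it decodes the payload of each token in a token response and reports which one is a JWT whose `aud` claim names the API. The token responses, the API identifier and the client ID are constructed sample values, and they assume the access token is opaque when no audience is configured.

```javascript
// Decode a JWT payload for inspection only. The signature is NOT verified here.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null; // opaque value, not a JWT
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch (e) {
    return null; // payload segment is not base64url-encoded JSON
  }
}

// Return the name of the field holding a JWT issued for apiAudience, or null.
function tokenForApi(tokenResponse, apiAudience) {
  for (const field of ["access_token", "id_token"]) {
    const claims = decodeJwtPayload(tokenResponse[field]);
    if (!claims) continue;
    const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
    if (aud.includes(apiAudience)) return field;
  }
  return null;
}

// Helper that builds constructed, unsigned sample tokens for this example.
function makeSampleJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed`;
}

const API_AUDIENCE = "https://api.example.test"; // hypothetical API identifier
const idToken = makeSampleJwt({ sub: "user-1", aud: "constructed-client-id" });

// Constructed response with no audience configured: opaque access token.
const withoutAudience = { access_token: "opaque-constructed-value", id_token: idToken };

// Constructed response after a default audience is set: access token is a JWT for the API.
const withAudience = {
  access_token: makeSampleJwt({ sub: "user-1", aud: [API_AUDIENCE] }),
  id_token: idToken,
};

console.log(tokenForApi(withoutAudience, API_AUDIENCE));
console.log(tokenForApi(withAudience, API_AUDIENCE));
console.log(decodeJwtPayload(idToken).aud);
```

In both sample responses the id_token's `aud` is the client ID rather than the API, which is why an API that validates the audience claim accepts only the access token issued after the audience is set.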
I would suggest adding all feature requests to the place that the team will see them.
These can be raised on our issue tracker:
This is a public community forum and there is potential for feature requests, bugs, etc. to be missed and not seen by the folks who can make them happen.