I previously used Ping’s OAuth Playground for this but I have used Postman for multiple general API testing with collections.
I seem to be nearly where I need to be using 2 Postman’s methods to obtain an Access Token, but a little guidance is required.
Issues:
The Authorization Server wants the list of scopes separated by the “+” character not " " or encoded %2B
Using the Get Access Token button, I am able to pass only 1 scope as the “+” is encoded to %2B
I am not able to use the pre-script parsing method to remap the “+”
I am able to get the Browser Re-Direct and be able to enter my username & password in the HTML Form, then get AT & ID Tokens
Using the standard posting methods, of PUT & OAuth URL, I am stuck.
I get back a lovely HTML page in text but not via a browser, but the rest of the URL data is correct
the HTML page does have a considerable amount of JavaScript
Disabling encoding does not seem to apply to the Get Access Token page
I won’t advise you to use the above to input credentials as you’ll need to get the authorization grant from the redirect URI. The Authorization request is always a GET request to a URL, and it redirects you to an HTML page. If you copy the Authorization request in your Postman address bar and paste that into your browser URL, you’ll get the same HTML page rendered and when you enter your credentials and authorize the requests, it will redirect you to the redirect URL which should contain the authorization code.
Note that the above narration only works if you’re using an authorization code as your authorization grant or when working with PKCE.
