Do pre-request scripts also inherit authorization?

Good morning,

I am running some requests that all inherit authorization (OAuth) from the man collection which works well.

But my authorization does not appear to inherit when performing pm.sendRequests in pre-request scripts.

Should pre-request scripts inherit authorization like folders and other collections do?

I won’t speak for the Postman team, but it doesn’t make sense to me for it to work that way.

You are writing code in your pre-request script. Postman has no idea what you’re doing in there, it’s just running javascript.

The auth is for proper Postman requests. Ones that show up in collections and folders. Not for ones being sent via code.

That being said, it’s not hard to add a header and pull a variable for a request being made in code. Do you need assistance with that?

Hi, thanks for replying. You are of course right.

Understood, I will keep that in mind.

Some help on that would be very useful, thank you.

I have tried to pull the request header from another test in the Tests tab after a collection request executed successfully and use that, but I am obviously not doing it correctly. I have a lot to learn about authorization and headers in particular I guess.

I assume I need to extract parts of the authorization header and use that in the pm.sendRequest…?

I’d start with this article to get you set up for automating your OAuth token acquisition/renewal. It will also add your JWT in a variable, which you can then use in your pre-request script.

1 Like

I’m also missing the feature that authorization is inherited in pre-request scripts. My use case is a bit different. When sending a modifying OData request (POST, PUT, PATCH …) I need to send an CSRF token in the header. So far I have a separate HEAD request to the OData service document URL in my collection to fetch an CSRF token and then store in a variable. The modifying request will get the CSRF token from the variable.

That approach works fine but I want to automate the HEAD request with a pre-requisite script. That is basically already working. I use pm.request.clone(); to get a new request, change the method to “HEAD” and shorten the URL to the service document and then use this request to fetch the token. Unfortunately this only works if the authorization information are provided on the request itself. It does not work if authorization is set to “inherit from parent”. Is there any way to retrieve the authorization information from the parent (folder, collection) in the pre-request script?