My workflow is to push changes to my swagger docs, then convert those to Postman and run a PUT on /collections/{{collectionId}} to update my collection on Postman.
My Swagger doc defines two possible security options:
OAuth2AccessCode
OAuth2Application
I have security setup for each endpoint because I require different scopes for specific operations. Here’s an example of my GET on /account:
paths:
/account:
get:
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/Account'
security:
- OAuth2AccessCode:
- app/read
- OAuth2Application:
- app/read
summary: List the details for your account.
tags:
- account
When this gets imported into Postman via swagger2-to-postmanv2 conversion (GitHub - postmanlabs/swagger2-postman2: Module and library to convert Swagger 2.0 to a Postman Collection (v2.0)) I end up seeing this in the endpoint authorization:
which isn’t really what I want.
At the collection level, I have a pre-request script to generate an auth token for the application flow and places it into my environment, which goes a lot nicer when I manually select “Bearer token” from the auth drop down in that screenie above.
If I leave it as is now, I can’t run the collection because it never gets proper authorization. Perhaps there’s something else about my collection update to set to allow for the pre-request script to provide proper authentication to the collection? Just fyi, the pre-request script stores the active token on the environment.
Which leads me to my question, how can I make this work a bit smoother instead of having to grab a new token from either the endpoint’s tab on Postman or changing it manually to “Bearer token” type auth?