How does Postman OAuth2 Login with authorization-code work?

Ch4mp · August 26, 2025, 12:16pm

I observed that when using the authorization code flow, there is actually no redirection to the callback URL: Postman intercepts the redirection and performs the exchange of the code for tokens itself.

How does this happen?

Does it use a browser without the usual checks on iframe source being SameSite, and listen for src events to intercept the redirection from the authorization server to the callback URL?

gbadebo-bello · August 26, 2025, 1:18pm

Hi @Ch4mp . Welcome to the Postman Community .

When working with the OAuth Authorization helper in Postman, we use(and recommend you use) a redirect URI provided by Postman. There are two, respectively:

Desktop: https://oauth.pstmn.io/v1/callback
Browser: https://oauth.pstmn.io/v1/browser-callback

This enables Postman to:

Get the authorization code for you
Redirect you to the Postman Platform after
Exchange the authorization code for an access + refresh token pair
Auto-refresh the access token if you choose to toggle that option

Topic		Replies	Views
Where can I find the code for Postman OAuth 2.0, it generates access token without redirecting to the default redirect uri which is fantastic! Help Hub oauth-20	1	2406	August 21, 2018
Postman OAuth 2 missing parameter "code" with OpenID Connect Help Hub authentication , oauth2	5	1536	August 20, 2025
How to simulate oAuth 2.0 flow in Postman with Authorization Code Help Hub oauth2 , oauth2-token	7	67258	June 19, 2021
Unable to Obtain OAuth Access Code Help Hub oauth	4	6609	January 31, 2022
OAuth2 callback not doing anything Help Hub oauth2	2	2897	August 1, 2024

How does Postman OAuth2 Login with authorization-code work?

Related topics