Login credentials in Oauth2 popup window

Your question may already have an answer on the community forum. Please search for related topics, and then read through the guidelines before creating a new topic.

Here’s an outline with best practices for making your inquiry.

My question: How do you use username & password variables in the oauth2 login window?

Details (like screenshots): I’ve got usernames & passwords of test accounts saved as variables, but I’d like to use them in our oauth2 flow to get authorization tokens. The login popup that appears when I hit the “Get New Access Token” button seems like it can only accept hand-typed credentials. How do you use the oauth2 auth flow when you’re running an entire folder or collection that depends on that token? Does it have to be a manual process every time?

How I found the problem: Our plain old cookie-based authorization is just a POST to a /login endpoint with a {{username}} and {{password}} body, so when this request is run at the beginning of a collection run, it sets the cookie, then the rest of the requests in the collection run with that session cookie. There doesn’t seem to be an equivalent way to “pass a stored username & password” into the oauth2 window.

I’ve already tried: Googling & stack-exchanging.

Hi @dougleenhoutsvivint

Are you using the oauth2 option in the Authorization tab?

You should be able to use the “Token Name” as a variable

I am using the Authorization tab - but before you get the token you have to pass in a username/password, either in a Postman popup, or in a browser if you’ve got “Authorize using browser” selected.

How do I pass a username/password into those fields programmatically?

your endpoint must behave differently to the one I use for work as when I feed it a clientID and clientSecret I don’t get a redirect like you describe.

If you select “Authorize using browser”, then press the “Get New Access Token” (assuming cookies are cleared too), don’t you get redirected to a chrome/ff/IE/safari window with a username/pw prompt?

Anyone have any insight? There’s got to be a way to run a collection without having to manually enter a username and password, right?

I have a call like this, that grabs a token using the client_id / client_secret.
This doesn’t redirect, it just spits a bearer token into the response that I save as a variable and then pass in to all proceeding calls.


I also have similar issue. Looking for possible solution so that we can automate.

I have similar issue. Basically this is REST endpoint implemented with OAuth2 workflow for Human Authentication.
When we hit the endpoint, it will redirect to login website and ask for username/password,.
Once we are authenticated, the login website will send a code to original frontend. Frontend will store this code as a Cookie and use it to authenticate with login website for real access token during subsequent request.

For normal REST endpoint protected by OIDC, then we can just give a Bearer Token, but this is not the case above.