Your question may already have an answer on the community forum. Please search for related topics, and then read through the guidelines before creating a new topic.
Here’s an outline with best practices for making your inquiry.
My question: How do you use username & password variables in the oauth2 login window?
Details (like screenshots): I’ve got usernames & passwords of test accounts saved as variables, but I’d like to use them in our oauth2 flow to get authorization tokens. The login popup that appears when I hit the “Get New Access Token” button seems like it can only accept hand-typed credentials. How do you use the oauth2 auth flow when you’re running an entire folder or collection that depends on that token? Does it have to be a manual process every time?
How I found the problem: Our plain old cookie-based authorization is just a POST to a /login endpoint with a {{username}} and {{password}} body, so when this request is run at the beginning of a collection run, it sets the cookie, then the rest of the requests in the collection run with that session cookie. There doesn’t seem to be an equivalent way to “pass a stored username & password” into the oauth2 window.
I am using the Authorization tab - but before you get the token you have to pass in a username/password, either in a Postman popup, or in a browser if you’ve got “Authorize using browser” selected.
How do I pass a username/password into those fields programmatically?
your endpoint must behave differently to the one I use for work as when I feed it a clientID and clientSecret I don’t get a redirect like you describe.
If you select “Authorize using browser”, then press the “Get New Access Token” (assuming cookies are cleared too), don’t you get redirected to a chrome/ff/IE/safari window with a username/pw prompt?
I have a call like this, that grabs a token using the client_id / client_secret.
This doesn’t redirect, it just spits a bearer token into the response that I save as a variable and then pass in to all proceeding calls.
I have similar issue. Basically this is REST endpoint implemented with OAuth2 workflow for Human Authentication.
When we hit the endpoint, it will redirect to login website and ask for username/password,.
Once we are authenticated, the login website will send a code to original frontend. Frontend will store this code as a Cookie and use it to authenticate with login website for real access token during subsequent request.
For normal REST endpoint protected by OIDC, then we can just give a Bearer Token, but this is not the case above.
