Medium Article: How to Automate OAuth2 Token Renewal in Postman

Hey everyone,

I have seen on a number of forums and Stack Overflow articles people expressing their frustration with the manual process Postman has for renewing OAuth2 tokens when they expire. I thought I would share a write-up I did to help you get past the manual process and have your tokens renewing automatically.

Let me know what you think!

16 Likes

Hey @allenheltondev

That’s awesome!! Great work!! :trophy:

I wrote something that solved a similar issue in my context a while back - Love how Postman gives you the ability to create scripts like this in the application!!

4 Likes

Hello Allen, your method would really help me, but I have an implicit flow and do not really know how to implement this script with the implicit grant type. Do you have any suggestions? I would highly appreciate it! Ewa

1 Like

Hi Allen,

That’s really great.
But how about the new Authorization Code (With PKCE)? I have set it up and can get the access_token by clicking on the Get Token button. Are there any ways to trigger it and get the token in the pre-request script?

1 Like

I could be wrong on this because I’m not a security expert, but I believe the PKCE flow requires a user to hit a login button. It’s intended to be used by an end user and not through automated means.

What we’ve done where I work is to set up a CCF (client credentials flow) for automation and use that while forcing our end users to go through PKCE.

1 Like

There will be a refresh token and a refresh endpoint available; you just have to send a POST request to that refresh endpoint with the refresh token. You will get a new token. That’s the easiest way, I guess.

Feature request asked: Auto update of OAuth2 access tokens · Issue #10112 · postmanlabs/postman-app-support (github.com)

1 Like
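The refresh-token exchange described in the reply above, as an added example that is not part of any post in this thread or of the linked article. The variable names (`token_url`, `client_id`, `access_token_expires_at`), the 30-second skew and the public-client assumption (no client secret) are assumptions; the store mirrors the `get`/`set`/`unset` shape of `pm.environment`, and sending the request is left to the caller.

```javascript
// Added example. Sample values are constructed; key names are assumptions.
const SKEW_MS = 30 * 1000; // refresh slightly before the real expiry

// In-memory stand-in with the same get/set/unset shape as pm.environment.
function makeStore(initial) {
  const m = new Map(Object.entries(initial));
  return { get: (k) => m.get(k), set: (k, v) => m.set(k, v), unset: (k) => m.delete(k) };
}

// True when there is no token, no recorded expiry, or expiry is within the skew.
function needsRefresh(store, now) {
  const expiresAt = Number(store.get('access_token_expires_at'));
  return !store.get('access_token') || !Number.isFinite(expiresAt) || now >= expiresAt - SKEW_MS;
}

// Form-encoded refresh request per RFC 6749 section 6.
function buildRefreshRequest(store) {
  const refreshToken = store.get('refresh_token');
  if (!refreshToken) throw new Error('no refresh_token stored; run the interactive flow once');
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: store.get('client_id'),
  });
  return {
    url: store.get('token_url'),
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Store the new token; on failure drop the stale one so it is never sent again.
function applyTokenResponse(store, status, json, now) {
  if (status !== 200 || !json.access_token) {
    store.unset('access_token'); // e.g. invalid_grant: refresh token expired or revoked
    throw new Error('refresh failed: ' + (json.error || status));
  }
  store.set('access_token', json.access_token);
  // A missing expires_in is treated as "already expired" so the next call refreshes.
  store.set('access_token_expires_at', String(now + (json.expires_in || 0) * 1000));
  // Servers that rotate refresh tokens return a new one; the old one stops working.
  if (json.refresh_token) store.set('refresh_token', json.refresh_token);
}
```

In a Postman pre-request script the store would be `pm.environment` and the request would go out through `pm.sendRequest`; keeping the refresh token in a variable that is not synced or exported with the collection limits where it can leak.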

Is there a way to get the Collection's authorization access token from the available tokens?
Tried: pm.collectionVariables.get("Access Token")
but it is not a variable.
Would be nice to be able to access the bearer token value inside the pre/test scripts.

Really could use something like this, I am struggling to automate the OAuth2 from Google in Postman. It just breaks after x time.
