Medium Article: How to Automate OAuth2 Token Renewal in Postman

allenheltondev · July 18, 2019, 12:37pm

Hey everyone,

I have seen on a number of forums and stack overflow articles people expressing their frustration with the manual process Postman has for renewing OAuth2 tokens when they expire. I thought I would share a write up I did to help you get past the manual process and have your tokens renewing automatically.

Let me know what you think!

danny-dainton · July 18, 2019, 1:33pm

Hey @allenheltondev

That’s awesome!! Great work!!

I wrote something that solved a similar issue in my context a while back - Love how Postman gives you the ability to created scripts like this in the application!!

surfgirl84 · August 7, 2020, 12:44pm

Hello Allen, your method would really help me, just I have an implict flow, and do not really know how to implement this script with implicit crant type, do you have any suggestions? I would highly appreaciate! Ewa

lamnguyen1996 · June 19, 2021, 11:18am

Hi Allen,

That’s really great.
But how about the new Authorization Code (With PCKE). I have set it up and can get access_token by click on the Get Token button. Are there any ways to trigger it and get the token in the pre-request script?

allenheltondev · June 21, 2021, 1:26pm

I could be wrong on this because I’m not a security expert, but I believe the PKCE flow requires a user to hit a login button. It’s intended to be used by an end user and not through automated means.

What we’ve done where I work is to set up a CCF (client credentials flow) for automation and use that while forcing our end users to go through PKCE.

praveendvd · June 22, 2021, 8:48am

There will be a refresh token and a refresh end point available you just have to send a post request to that refresh end point with the refresh token . You will get a new token . That’s the easiest way I guess

semangard · July 14, 2021, 8:04am

Feature request asked : Auto update of OAuth2 access tokens · Issue #10112 · postmanlabs/postman-app-support (github.com)

Giiyms · August 9, 2021, 2:08pm

Is there a way to get the Collections authorization access token from the available tokens?
Tried: pm.collectionVariables.get(“Access Token”)
but it is not a variable.
Would be nice to be able to access to the bearer token value inside the pre/test scripts.

JoshQA · August 11, 2021, 8:25pm

really could use something like this, i am struggling to automate the oauth2 from google in postman. It just breaks after x time.

Topic		Replies	Views
Can you automate the google oauth token process in postman? 🙋 Help	1	803	June 11, 2021
How to automatize OAuth2 token RE-negotiation WHENEVER refresh token is expired 🙋 Help	0	341	March 21, 2023
Call execute get Authorization token automatically when you hit API 🌱 Just Getting Started authentication	2	5319	July 15, 2022
How can I auto refresh OAuth 2.0 token once the token expires.? 🙋 Help token	11	42548	December 30, 2022
Automatically Request for authorization before test? 🙋 Help	1	1701	December 16, 2019

Medium Article: How to Automate OAuth2 Token Renewal in Postman

Related topics