Hi everyone, I just got started with Postman, and I already managed to make some requests to unprotected endpoints of my app.
For some endpoints, my app needs to make requests to an external API, in this case, the project management app Asana.
Usually, my auth flow goes like this:
- My app redirects the user to Asana to start the OAuth 2.0 process.
- After authentication, Asana sends the user back to my app to the callback-endpoint, with an authorization code in the URL.
- That callback-endpoint in my backend will be able to retrieve the authorization code from the request URL.
- The backend will exchange the authorization code for an access code against Asana’s OAuth API.
- On success, the backend will store the access code (and refresh code) in a server session and set a session cookie in the user’s client.
- Having a valid session authorizes the user against my API and the access codes in the session can be used for future requests to my API that involve my backend requesting external data from the Asana API.
Now I would like to replicate this in Postman, authenticating against Asana and receiving the cookie from my backend that authorizes the user both against my API as well as against Asana through the access codes stored in the session associated with the cookie.
I managed to do the standard OAuth 2.0 flow in Postman, which gives me the access token. But I don’t need that token, I need to go through the endpoint on my backend that gives me the cookie.
Which flow do I have to follow, and can anyone perhaps suggest a tutorial that would match the process I have going on here?
Thanks in advance!
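
The flow listed in the post, modelled in memory as an added example (not the poster's backend code): the session cookie is issued only by the callback step, so a token fetched directly from the provider never creates a session. All function names, the `sid` cookie name, the example URLs and the `state` check are assumptions; `exchangeCode` stands in for the backend's request to the provider's token endpoint.

```javascript
// Added example; every name here is hypothetical, not from the poster's backend.
const { randomBytes } = require("node:crypto");

const sessions = new Map();      // session id -> tokens, kept server-side only
const pendingStates = new Set(); // state values handed out at redirect time

// Redirect step: build the provider URL and remember a one-time state value.
function startLogin(authorizeUrl, clientId, redirectUri) {
  const state = randomBytes(16).toString("hex");
  pendingStates.add(state);
  const url = new URL(authorizeUrl);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state);
  return url.toString();
}

// Callback step: read the code from the URL, exchange it, open a session.
// exchangeCode stands in for the backend's POST to the provider's token endpoint.
async function handleCallback(callbackUrl, exchangeCode) {
  const params = new URL(callbackUrl).searchParams;
  const code = params.get("code");
  const state = params.get("state");
  // Reject callbacks that were not started by startLogin, and replays.
  if (!code || !state || !pendingStates.delete(state)) {
    return { status: 400, headers: {} };
  }
  const tokens = await exchangeCode(code);
  const sessionId = randomBytes(32).toString("hex");
  sessions.set(sessionId, {
    accessToken: tokens.access_token,
    refreshToken: tokens.refresh_token,
  });
  // The client only ever receives the opaque session id.
  const cookie = `sid=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`;
  return { status: 302, headers: { Location: "/", "Set-Cookie": cookie } };
}

// Later API requests: the cookie alone selects the stored tokens.
function sessionFromCookie(cookieHeader) {
  const match = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || "");
  return match ? sessions.get(match[1]) || null : null;
}
```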