Hi community,
I’m currently facing an unusual issue while configuring an OAuth 2.0 token request in Postman and hoping someone can shed some light on this.
What I’m Doing
I’m using the OAuth 2.0 Authorization method in Postman with the Client Credentials Grant to request a token.
My setup involves a client_id and a client_secret that starts with a capital “I” (i.e., IotQ*****).
When I use this configuration through Postman’s Authorization tab (OAuth 2.0 helper), the request fails with:
Error: access_denied, Description: Unauthorized
What Works
If I bypass the OAuth 2.0 helper and send the token request manually in the Body (raw JSON) tab like this:
{
"audience": "https://api.xyz.com/v1/",
"grant_type": "client_credentials",
"client_id": "oZY*****************************",
"client_secret": "IotQ*****************************"
}
…the request works perfectly and I get a valid token.
What Doesn’t Work
When I paste the same client secret in the OAuth 2.0 UI, the request fails.
On close inspection, it seems Postman might be visually rendering or interpreting the capital I (eye) as a small l (ell), or somehow altering it internally — causing authentication to fail.
What I’ve Tried
Verified the actual value with a password viewer
Tried retyping instead of pasting
Encoded client secret to Base64 (same issue)
Compared raw request sent — confirmed token request differs when done manually vs via helper
My Question
Is this a UI rendering issue or an actual input encoding problem?
Has anyone else experienced this specific “I” vs “l” client secret mismatch in Postman’s OAuth 2.0 Authorization helper?
Any recommended workaround beyond raw body method?
Version Details
Postman version: Postman 11.51.5
Platform: Windows
API Auth Type: OAuth 2.0 – Client Credentials Grant
Any help or insight is much appreciated.
Thanks!