OAuth2.O Authentication

Under OAuth 2.0 Authentication , to authenticate we can use grant type as Authorization code and client credentials. Not able to be figure out the exact difference between the Authorization code and client credentials grant type.

I tried to use grant type as Authorization code in Postman for authentication and triggered the PostDetails Request. I am able to authenticate successfully when I do it manually.

Below are the parameters that is set when I generate a new access token.

Token Name : Token Name
Grant Type : Authorization code
Callback URL : https://www.getpostman.com/oauth2/callback
Auth URL: https://login.microsoftonline.com/tenantname.com/oauth2/authorize?resource=https://usnconeboxax1aos.cloud.onebox.dynamics.com
Client ID : ccccccccccccccccccccccccccccccccccc
Client Secret: sssssssssssssssssssssssssssssss
Client Authentication: Send as Basic auth header

I am trying to send the same request with the below mentioned Pre- run script , the authentication fails with error.

JSONError: Unexpected token u in JSON at position 0.


  url:  'https://login.microsoftonline.com/tenantname.com/oauth2/authorize?resource=https://usnconeboxax1aos.cloud.onebox.dynamics.com', 

  method: 'Post',

  header: {

    'Accept': 'application/json',

    'Content-Type': 'application/x-www-form-urlencoded',

    'Authorization': 'Oauth_2.0'


  body: {

      mode: 'urlencoded',

      urlencoded: [

        { key: 'client_id', value: pm.environment.get("client_id")},

        { key: 'client_secret', value: pm.environment.get("secret_key")},

        { key: 'grant_type', value: 'Authorization_code'},

        { key: 'callback_url', value: 'https://www.getpostman.com/oauth2/callback'},

        { key: 'Auth_url', value: 'https://login.microsoftonline.com/tenantname.com/oauth2/authorize?//resource=https://usnconeboxax1aos.cloud.onebox.dynamics.com'},

        { key: 'client_authentication', value: 'Send as Basic auth header'}



}, function (err, res) {

    pm.environment.set("OAuthtoken", res.json().access_token);


Not sure what i am missing. Kindly suggest.

The way OAuth 2 typically works is that you need the user permission to get access data. I don’t see how this can work from a pre-request script.

May I suggest you watch this tutorial I have created a while back? Maybe it can help better understand what a typical flow implies.