OAuth 2.0 Authentication

Under OAuth 2.0 authentication, to authenticate we can use the grant type Authorization code and client credentials. I am not able to figure out the exact difference between the Authorization code and client credentials grant types.

I tried to use grant type as Authorization code in Postman for authentication and triggered the PostDetails Request. I am able to authenticate successfully when I do it manually.

Below are the parameters that are set when I generate a new access token.

Token Name : Token Name
Grant Type : Authorization code
Callback URL : https://www.getpostman.com/oauth2/callback
Auth URL: https://login.microsoftonline.com/tenantname.com/oauth2/authorize?resource=https://usnconeboxax1aos.cloud.onebox.dynamics.com
Client ID : ccccccccccccccccccccccccccccccccccc
Client Secret: sssssssssssssssssssssssssssssss
Client Authentication: Send as Basic auth header

When I try to send the same request with the pre-run script below, the authentication fails with an error.

JSONError: Unexpected token u in JSON at position 0.

pm.sendRequest({
  url:  'https://login.microsoftonline.com/tenantname.com/oauth2/authorize?resource=https://usnconeboxax1aos.cloud.onebox.dynamics.com', 
  method: 'Post',
  header: {
    'Accept': 'application/json',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Authorization': 'Oauth_2.0'
  },
  body: {
      mode: 'urlencoded',
      urlencoded: [
        { key: 'client_id', value: pm.environment.get("client_id")},
        { key: 'client_secret', value: pm.environment.get("secret_key")},
        { key: 'grant_type', value: 'Authorization_code'},
        { key: 'callback_url', value: 'https://www.getpostman.com/oauth2/callback'},
        { key: 'Auth_url', value: 'https://login.microsoftonline.com/tenantname.com/oauth2/authorize?//resource=https://usnconeboxax1aos.cloud.onebox.dynamics.com'},
        { key: 'client_authentication', value: 'Send as Basic auth header'}
    ]
  }
}, function (err, res) {
    pm.environment.set("OAuthtoken", res.json().access_token);
});

Not sure what I am missing. Kindly suggest.

Hi,
The way OAuth 2 typically works is that you need the user’s permission to get access to data. I don’t see how this can work from a pre-request script.

May I suggest you watch this tutorial I created a while back? Maybe it can help you better understand what a typical flow implies.

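For the grant-type question and the pre-request attempt above, an added example (not written by any poster in this thread) of the client credentials grant, which involves no user sign-in and so can run from a pre-request script, with the response checked before `res.json()` is trusted. It assumes the API accepts app-only tokens, the Azure AD v1 token endpoint `/oauth2/token` beside the `/oauth2/authorize` URL shown above, and environment variables named `tenant`, `client_id`, `secret_key` and `resource`.

```javascript
// Added example: client credentials grant for a Postman pre-request script.
// Assumed environment variables: tenant, client_id, secret_key, resource.
// The request goes to the token endpoint, not the browser-facing authorize URL.
function buildTokenRequest(env) {
  return {
    url: `https://login.microsoftonline.com/${env.tenant}/oauth2/token`,
    method: 'POST',
    header: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: {
      mode: 'urlencoded',
      urlencoded: [
        { key: 'grant_type', value: 'client_credentials' },
        { key: 'client_id', value: env.client_id },
        { key: 'client_secret', value: env.secret_key },
        { key: 'resource', value: env.resource }
      ]
    }
  };
}

// Returns the access token, or throws with a reason instead of letting
// res.json() fail on a non-JSON body or silently storing "undefined".
function extractToken(err, res) {
  if (err) throw new Error('token request failed: ' + err);
  let body;
  try {
    body = res.json();
  } catch (e) {
    throw new Error('token endpoint returned non-JSON (HTTP ' + res.code + ')');
  }
  if (res.code !== 200 || !body.access_token) {
    throw new Error('token error: ' + (body.error || 'no access_token'));
  }
  return body.access_token;
}

// Runs only inside Postman, where the global `pm` exists.
if (typeof pm !== 'undefined') {
  const env = {};
  ['tenant', 'client_id', 'secret_key', 'resource']
    .forEach((k) => { env[k] = pm.environment.get(k); });
  pm.sendRequest(buildTokenRequest(env), (err, res) => {
    pm.environment.set('OAuthtoken', extractToken(err, res));
  });
}
```

The authorization code grant still has to go through Postman's Get New Access Token dialog, because it needs the user to sign in and consent in a browser.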

Dear Valentine, thanks a lot for your video, which is very helpful. However, even after doing everything as explained in the vid, I am still not able to retrieve the authorization code.
I am working with a different API than Dropbox, but the documentation is actually very good and similar to Dropbox. I created a sandbox project, getting both client ID & secret, which I declared variables for just as in your video. The documentation also states the endpoints needed:
https://api-sandbox.commerzbank.com/auth/realms/sandbox/protocol/openid-connect/auth
https://api-sandbox.commerzbank.com/auth/realms/sandbox/protocol/openid-connect/token
So eventually my Postman looks like this:


I have also picked the correct environment.
However, when I now click on Get New Access Token, a new browser window with the message “Bad Request - Please check for request parameters.” pops up. I really don’t know what else to try, so before I contact the service email of the API provider, I am asking if I am missing something obvious here? Could Scope and/or State be mandatory?

Thanks all for the thread and information. It has been very helpful.
I’m trying to change the access_type to offline, so the browser does not pop up the second time. Is it possible?
I also need to know the refresh_token, given that the API I’m accessing (Google API) has a very short expiration time for the access_token. Is it possible?
Thanks a lot