Oauth2 Password Credential doesn't work but a simple request with the same body does

I am trying to set the authentication method for a collection. The method is Oauth2 with Password credentials. I am able to get the token with a simple request, but not when try to set the collection’s authentication.

Here’s the log with error:

POST /api/externalServices/login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: PostmanRuntime/7.29.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 8302e858-113e-489a-a477-fa4336e99c77
Host: api.retelogisticastorage.it
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 87
HTTP/1.1 415 Unsupported Media Type
Server: nginx
Date: Thu, 28 Apr 2022 10:09:36 GMT
Content-Length: 0

Here is the log of the simple request:

POST /api/externalServices/login HTTP/1.1
Content-Type: application/json
User-Agent: PostmanRuntime/7.29.0
Accept: */*
Postman-Token: 52497d11-be4c-4edd-ac9c-cbef2dd81304
Host: api.retelogisticastorage.it
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 128
grant_type: "password",
username: "xxxxxx",
password: "xxxxxx",
client_id: "",
client_secret: ""
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Content-Encoding: br
Server: nginx
X-Powered-By: PleskLin
Date: Thu, 28 Apr 2022 10:14:14 GMT
"authToken": "<omissis>",
"username": "Riparaora"

It appears to me that the credentials are sent as query string instead of body, although I selected the “Send client credential in body” as option. See attachment.

Am I doing something wrong?

To be noted: url, username and password use the same variables.

Hi @docking-module-phys4

This link on 415 Unsupported Media Type errors (as seen in your info above) suggest that the payload is wrong.

It suggests checking the Content-Type or Content-Encoding .

Try checking your output to ensure that the payload looks like it is supposed to.

That could be it, but how could I change the Content-Type or Content-Encoding in authorization requests?
I don’t see any option to edit the headers in auth requests.

Add the header yourself. If you start typing the words in the key:value boxes it will give you a list to choose from.

The auth headers would also be added to this list, they all get sent together.

There is no headers option when editing the authentication method for a collection, that is why I’m confused…

That’s at the collection level, I’m at request level.

Maybe I didn’t make myself clear in the first post: I am trying to set a collection Authorization.

For the sake of trying, I used your suggestion at request level, and I still got the same problem. I noticed also that the custom headers are not used in the authentication request.

Here a screenshot of my headers, notice the Content-Type:

Here’s the log of the error I got when asking for new token:

POST https://api.retelogisticastorage.it/api/externalServices/login: {
  "Network": {
    "addresses": {
      "local": {
        "address": "",
        "family": "IPv4",
        "port": 54206
      "remote": {
        "address": "",
        "family": "IPv4",
        "port": 443
    "tls": {
      "reused": false,
      "authorized": true,
      "authorizationError": null,
      "cipher": {
        "name": "ECDHE-RSA-AES256-GCM-SHA384",
        "standardName": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "version": "TLSv1/SSLv3"
      "protocol": "TLSv1.2",
      "ephemeralKeyInfo": {},
      "peerCertificate": {
        "subject": {
          "commonName": "*.retelogisticastorage.it",
          "alternativeNames": "DNS:*.retelogisticastorage.it, DNS:retelogisticastorage.it"
        "issuer": {
          "country": "GB",
          "stateOrProvince": "Greater Manchester",
          "locality": "Salford",
          "organization": "Sectigo Limited",
          "commonName": "Sectigo RSA Domain Validation Secure Server CA"
        "validFrom": "Mar 21 00:00:00 2022 GMT",
        "validTo": "Mar 21 23:59:59 2023 GMT",
        "fingerprint": "58:30:8C:CE:DB:AC:63:32:F3:C8:8A:6F:23:CF:23:35:B4:6F:C8:ED",
        "serialNumber": "0bdf4d03b3782d260db02d124174795b"
  "Request Headers": {
    "content-type": "application/x-www-form-urlencoded",
    "user-agent": "PostmanRuntime/7.29.0",
    "accept": "*/*",
    "cache-control": "no-cache",
    "postman-token": "7f4caaa8-e4dd-4360-bb30-42a5e56da744",
    "host": "api.retelogisticastorage.it",
    "accept-encoding": "gzip, deflate, br",
    "connection": "keep-alive",
    "content-length": "77"
  "Request Body": {
    "grant_type": "client_credentials",
    "client_id": "xxxxx",
    "client_secret": "xxxxx"
  "Response Headers": {
    "server": "nginx",
    "date": "Fri, 29 Apr 2022 10:43:37 GMT",
    "content-length": "0"
Error: Could not complete OAuth 2.0 token request

It appears that the header’s field I added is not used.

I am able to create a simple request to obtain a token, but I would like to obtain the token, but I am trying to achieve is to automate the oauth2 request for every request in the collection, that’s why I was working on collection level.