Pass Authentication Code into URL Parameter instead of request body

My question: I am attempting to set up an Oauth 2 connection from Wrike. I am able to authenticate through OneLogin and get the authentication code. The issue is that Postman defaults to passing this on in the request body and Wrike requires it as a URL parameter in the post request to obtain the access token.

I can set other parameters to be passed on via the Oauth 2 helper, but the actual code can’t seem to be passed on this way.

image

I thought about using pre-request or test scripts, but in my testing it appeared to not work for the authentication requests. Is there any way to get the authentication code into the parameter from here, or will I have to code a pre-request Oauth script from scratch to do what I hope to accomplish?

It sounds like the authentication for this application is not quite standard and I do suspect that the helper doesn’t support this method at the moment (Perhaps you can submit a change request on the Postman Github if you would like them to consider this for future enhancements).

I haven’t seen any other apps that mix and match the way you are describing, so I suspect that you are correct in that you will probably need to set this up as a pre-request script using sendRequest() which means you can be in control of how and what you sent.

Although saying that, doesn’t the authorization_code grant type require you to use the browser to login (like OpenID), so how would that bit work in a pre-request script? (Which is what the “helper” helps with).

I thought you have to hit the /authorize endpoint first (which is where it redirects for the user to login and requires a browser). Once you have the code, you then send the code along with the client_id and secret to the token endpoint which will then return the ID and access token for you to consume.

Did you ever figure this out? I have a similar OAuth2 flow which expects the code to be sent as a URL parameter.

Postman seems to be aware of the params sent in the body, because if I set an empty URL parameter with the same name in the token request settings, it omits that parameter from the POST request body.

It would be great if we could access these values as a dynamic variable of some kind, or if the scripts ran on these requests.