Postman doesn't return an access_token in response

Setting up an authorization server with spring 6. Trying to create a new access token through postman. It doesn’t return an access token in the response. Credentials, url etc all is fine.
What am I missing?

Hey @lilianetop :wave:

Welcome to the Postman Community! :postman:

That looks like it’s returning a sign in HTML page, are you sure you have it set up correctly or your using the correct credentials.

Yes I am. I am doing this course spring-framework-6 from beginner to guru from John Thompson and this module is setting up an authorization server. I am using this documentation for setting it up: Getting Started :: Spring Authorization Server

@danny-dainton
This is the bean I am creating :slight_smile:

@Bean
  public RegisteredClientRepository registeredClientRepository() {
    RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
        .clientId("oidc-client")
        .clientSecret("secret")//usually you encrypt this secret and store it safe
        .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
        .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
        .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
        .redirectUri("http://127.0.0.1:8080/login/oauth2/code/oidc-client")
        .postLogoutRedirectUri("http://127.0.0.1:8080/")
        .scope(OidcScopes.OPENID)
        .scope(OidcScopes.PROFILE)
        .scope("message.read")
        .scope("message.write")
        .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
        .build();

    return new InMemoryRegisteredClientRepository(oidcClient);
  }

and in Postman this is how I use these credentials to create an access token

and in application.properties file I set the server to port 9000

I’m going to lie, that means very little to me. :grimacing: I don’t know what that course is or anything about that programming language. I wouldn’t be able to debug anything for you here.

I can’t even seen within that code, how it’s going to return an access token as a response but that might be just my misunderstanding of that framework.

I can just see that from your initial screenshot, whatever you have done/implemented, it’s returning a sign page and not a known structure that contains an access_token.

The following should be returned. I guess all the information I provided is actual not the issue. Something has changed within Postman which no longer allows to return an access token and I am looking for a way to solve this.

I don’t know where that screenshot is from or what details that they have used to get to that point or the version that they were using for that. I also don’t know their implementation/setup/environment/etc.

I can only tell you what is currently happening for your implementation and that it’s returning some sort of sign in form. In the middle of that text it has a title tag that says “Please sign in” which is probably from some modal or popup when hitting that URL.

I don’t know if that’s something to do with cookies or a browser session or the details that you have used or something completely different.

I have no idea about what that particular flow should be for that training.

The screenshot is from the course and I should get something similar. Only do do not get an access token in my response. The idea is that the request returns the access token and redirects to login page. That is correct. I am just missing the access token.

You say that “Something has changed within Postman which no longer allows to return an access token”.

Does that mean it worked for you at some point??

I doubt this is an issue with Postman per se.

This will be for one of two reasons.

  1. The info you are sending is incorrect.
  2. The token API code is incorrect.

I don’t think we can help with either of those without knowing much more about the implementation, which means we would have to take the course.

This sounds like a question that would be better posed on a Springboot forum.

Client Credentials is a server to server interaction that usually runs in the background without interaction from a user. So the fact that its returning you the HTML code for a login page is very odd indeed. This would appear to point to an issue with the info you are sending\grant type or the token API itself.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.