Postman Google OAuth2.0 : Missing required parameter: code

🙋 Help
1

I have a collection in Postman which all connects to the Google API, I want to implement the Auth2.0 at collection level as a pre-request script in order to generate an access token. I am using the following code to do so:

let callbackUrl = 'xxxxxxxxx';
let authUrl = 'https://accounts.google.com/o/oauth2/auth';
let tokenUrl = 'https://oauth2.googleapis.com/token';
let clientId = 'xxxxxxxxx';
let clientSecret = 'xxxxxxxxxxxx';
let scope = 'xxxxxxxxx'

let getTokenRequest = {
    method: 'POST',
    url: tokenUrl,
    auth: {
        type: "basic",
        basic: [
            { key: "username", value: clientId },
            { key: "password", value: clientSecret }
        ]
    },
    body: {
        mode: 'formdata',
        formdata: [
            { key: 'grant_type', value: 'authorization_code' },
            { key: 'redirect_uri', value: callbackUrl },
            { key: 'authUrl', value: authUrl },
            { key: 'scope', value: scope }
            ]
    }
};

pm.sendRequest(getTokenRequest, (err, response) => {
    let jsonResponse = response.json(),
        newAccessToken = jsonResponse.access_token;

    console.log({ err, jsonResponse, newAccessToken })

    pm.environment.set('accessToken', newAccessToken);
    pm.variables.set('accessToken', newAccessToken);
});

If I run this I get back

“Missing required parameter: code”

in the postman console. I can see the issue is I am not submitting a code parameter as when I merely generate a token from the UI without using pre-request scripts i am showing this in my postman console:

grant_type:"authorization_code"
code:"4/rgGpWyiaxxxxxxxx6j3EZANLDPmHHxxxxxxxxxxxxxxxxxxxo6bRnbBZovn1T-Setccccccccccccccccccccccccccccccccccccccccccccccxxxxxxxxxxx"
redirect_uri:"xxxxxxxx"
client_id:"xxxxxxxx"

My question is where does this code originate from? I am assuming postman generates it as it is part of my Request Body? And how do I generate it to add to my request body as part of my pre-request script?

2

If I understand correctly, the ‘code’ parameter refers to the Authorization Code retrieved rom the initial GET Request from the Identity Server, and you then use this Authorization Code to get the Token in a POST.

Literally just this week I’ve started working on this kind of stuff so I may be wrong.

Docs for IndentityServer4: http://docs.identityserver.io/en/latest/endpoints/authorize.html
Has an example of the required parameters for authorize endpoint. (Obviously this changes ID server to ID server)

1 Like
3

Hi Liam,

You are 100% correct - you have to first request the auth code with a get command, i have managed to do this in browser with the following URL:

https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/bigquery&response_type=code&access_type=offline&redirect_uri=&client_id=

Problem is when I run this is postman it returns me the HTML of the google sign in page, if I run in browser and authorise access, I can copy that code and use in the POST and it works like a charm, however, only for one access token.

Thanks to you I am definitely much closer, will keep attempting and let you know if I come right.

4

Sounds like the same issue I ran into yesterday, I found that using the ‘Preview’ under Response would show the Login webpage but it had no Javascript behind it so I could only login using an actual Browser to receive the auth code.

I figured it’s something I can’t automate in Postman because of the UI but I could just be too inexperienced.

If it’s any help, I found this a while ago: https://medium.com/@allen.helton/how-to-automate-oauth2-token-renewal-in-postman-864420d381a0

I think it’s trying to achieve a similar thing to what you want, I’ve never been able to get it to work, but as I said I’ve only just started testing authentication like this.

Hope I helped!