Are there any security concerns in regards to registering an Oauth2 client with the Postman callback url (https://oauth.pstmn.io/v1/callback) ? In other words, if I sign into my organisation and retrieve the access token via the Postman callback url, are any of these secrets being sent to an external server? Are there other security concerns that I should be worrying about?
You might find what you are looking for here…
Thanks for the idea, but I don’t see any reference to the Postman callback URL. I was hoping someone could explain to me how it actually works, specifically if any data is sent to Postman during the Oauth flow.
You could try this link;
It has this contact info listed…
Alternatively there is this security portal…
Thanks for that, much appreciated.