I have configured Oauth2 option token via Keycloak for one collection in my workspace. However I have different microservices API collections that use the same authenication. Is it possible to share same settings between collections, and retain possibility of automatically refresh token, and not copy the token into environment variable manually?
Can you do this? Yes, but should you do it is another matter.
You can save the token as a global or environment variable, and that would make it available to all collections in that work space.
However, tokens should be classed as confidential information and the general advice is to store tokens in the current value within an environment.
This means that the value does not get stored in the Postman Cloud and isn’t included if you export the environment JSON to store in a code repository. Therefore you cannot share it will colleagues this way. But you can use the same token in multiple collections.
Maybe my topic name was misleading. I just want to use same auth mechanism, between collections to avoid repetitive work. All sensitive data is in variables and it isn’t shared anywhere. That is ok. I have configured ouath auth option with keycloak, auto refresh token and all conveniences. I want to use the same configuration (if possible) on different collections. So not sharing token exactly but rather auth configuration. I hope this makes it more clear. 
Not that I’m aware of. You can’t share the authorization between collections in a workspace.
You can share the authentication within a collection by using folders, and putting the authentication at the appropriate level, but can’t call an authorization helper from another collection.
This is similar to calling a specific request which has been asked about a few times (and as far as I’m aware, this isn’t possible either). This should potentially be a feature request that should be raised on the Postman Github as sharing these artefacts are quite common in automation frameworks. (Therefore, if you change the authentication in one place, and it updates everywhere that authentication is used).
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.