The client_ID is basically the application you are connecting to and needs to come from your administrator.
The client_secret is related directly to the client_ID and also needs to come from your administrator.
These are usually sensitive data and should be setup as “secret” environment variables, so they don’t end up in your code repository (or Postmans) or in the code (Pre-request scripts or Tests tab).
The following is an example of using sendRequest with a pre-request script that authenticates to Microsoft via OAuth2. This returns a token_ID that gets used as the BearerToken for the next request which just uses the URL of the application home page. It basically bypasses the Microsoft login as we don’t really want to test that part of the application.
In the screenshot posted by @w4dd325 , I think the Auth URL is the URL for the API you want to connect to, and the Access Token URL is the token provider (like Microsoft in this example).
pm.test("Check for collectionVariables", function () {
let vars = ['clientId', 'clientSecret', 'tenantId', 'username', 'password', 'scope'];
vars.forEach(function (item, index, array) {
console.log(item, index);
pm.expect(pm.collectionVariables.get(item), item + " variable not set").to.not.be.undefined;
pm.expect(pm.collectionVariables.get(item), item + " variable not set").to.not.be.empty;
});
if (!pm.collectionVariables.get("bearerToken") || Date.now() > new Date(pm.collectionVariables.get("bearerTokenExpiresOn") * 1000)) {
pm.sendRequest({
url: 'https://login.microsoftonline.com/' + pm.collectionVariables.get("tenantId") + '/oauth2/v2.0/token',
method: 'POST',
header: 'Content-Type: application/x-www-form-urlencoded',
body: {
mode: 'urlencoded',
urlencoded: [
{ key: "client_id", value: pm.collectionVariables.get("clientId"), disabled: false },
{ key: "scope", value: pm.collectionVariables.get("scope"), disabled: false },
{ key: "username", value: pm.collectionVariables.get("username"), disabled: false },
{ key: "password", value: pm.collectionVariables.get("password"), disabled: false },
{ key: "client_secret", value: pm.collectionVariables.get("clientSecret"), disabled: false },
{ key: "grant_type", value: "password", disabled: false },
]
}
}, function (err, res) {
if (err) {
console.log(err);
} else {
let resJson = res.json();
pm.collectionVariables.set("bearerTokenExpiresOn", resJson.expires_in);
pm.collectionVariables.set("bearerToken", resJson.id_token);
}
});
}
});
One query I have. Are you sure you have permissions to POST to the API. If the GET request is working, then it might be a permissions thing.