Unable to Obtain OAuth Access Code

Hello -

I created a git issue for this but there’s been no feedback yet on it so I thought I’d share it here since someone might have some insight.

Environment

  • Postman Native App Version 7.18.0
  • Issue reproduced in macOS Catalina (10.15.3) and Windows 10

The Issue
I’m unable to use Postman to retrieve an OAuth access token. As far as I can tell from the Postman log, Postman is refusing to follow the redirect because it doesn’t match the registered callback URL. The only difference that I see is URL encoding of that URL (see Postman Log at bottom of post).

Steps To Reproduce

  1. Request access token using Postman UI (Get New Access Token)

    The Access Token Request

Expected Behavior
Postman directs to Authorization URL and then back to the Postman callback URL with an access code.

When I use a browser (not Postman) to request the authorization code by using the following URL:
https://datapower.192.168.13.10.nip.io/pd/sandbox/datapower/oauth2/authorize?response_type=code&client_id=d0189df3de1e32e9ebea9cd7003ef9ac&scope=scope_1&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback

The redirect to the authorization URL works:

As well as the redirect – after authorization – back to the Postman callback URL with the authorization code (which I can then give to curl to get the access code).

Actual Behavior in Postman
There is no redirect to the auth URL. Instead, an error is displayed on the Postman OAuth dialog window (Failed)

Postman Log

```
[23652][1581515931006][main][info]["OAuth2WindowManager~startLoginWith - Opening auth login window","https://datapower.192.168.13.10.nip.io/pd/sandbox/datapower/oauth2/authorize?response_type=code&state=&client_id=d0189df3de1e32e9ebea9cd7003ef9ac&scope=scope_1&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback"]
[23652][1581515931034][main][info]["OAuth2WindowManager~certificate-error:","net::ERR_CERT_AUTHORITY_INVALID","https://datapower.192.168.13.10.nip.io"]
[23652][1581515931271][main][info]["OAuth2WindowManager~did-navigate:","https://datapower.192.168.13.10.nip.io"]
[23652][1581515931271][main][info]["OAuth2WindowManager~startLoginWith - Received redirect on auth login window"]
[23652][1581515931272][main][info]["OAuth2WindowManager~startLoginWith - URL did not match the registered callbackURL, so skipping"]
```

Hi Dan,

It seems like the Certificate Authority (CA) used by https://datapower.192.168.13.10.nip.io isn’t recognized in Postman. This is likely either because you’re using a self-signed certificate or a local CA. You can try adding the certificate (in PEM format) via the Settings -> Certificates dialog under “CA Certificates”.

You can also try disabling “SSL certificate verification” under Settings -> General if it helps troubleshoot the issue.

Hope this helps!

Hi -

SSL verification is disabled. I’m fairly sure that message can be ignored.

@danchirillo,

Ah, I see. It looks like your login page is displaying a Basic Auth login dialog pop-up in the browser. It appears this isn’t captured in Postman’s OAuth dialog window. I believe this could be a legitimate bug, unfortunately.
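
For anyone triaging a similar log, here is an added example (not part of the original thread and not Postman's own code) that parses lines in the format shown above, percent-decodes the `redirect_uri` from the authorization request, and reports whether each `did-navigate` URL is the callback. The function names, the placeholder host `auth.example.test`, and the origin-plus-path comparison rule are assumptions made for illustration; Postman's actual matching logic is not shown on this page.

```javascript
// Constructed sample: three lines in the format of the Postman log above,
// using a placeholder host (auth.example.test) and a placeholder client_id.
const SAMPLE_LOG = [
  '[1][1000][main][info]["OAuth2WindowManager~startLoginWith - Opening auth login window","https://auth.example.test/oauth2/authorize?response_type=code&state=&client_id=PLACEHOLDER&scope=scope_1&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback"]',
  '[1][1001][main][info]["OAuth2WindowManager~certificate-error:","net::ERR_CERT_AUTHORITY_INVALID","https://auth.example.test"]',
  '[1][1002][main][info]["OAuth2WindowManager~did-navigate:","https://auth.example.test"]',
].join('\n');

// Each line is four bracketed fields followed by a JSON array of strings.
const LINE_RE = /^\[(\d+)\]\[(\d+)\]\[([^\]]*)\]\[([^\]]*)\](\[.*\])\s*$/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  try {
    const [event, ...args] = JSON.parse(m[5]);
    return typeof event === 'string' ? { ts: Number(m[2]), event, args } : null;
  } catch {
    return null; // payload was not valid JSON
  }
}

// Assumed rule: compare origin + path only, since a successful callback
// carries extra query parameters such as ?code=...
function sameEndpoint(a, b) {
  const x = new URL(a), y = new URL(b);
  const path = (u) => u.pathname.replace(/\/$/, '');
  return x.origin === y.origin && path(x) === path(y);
}

function analyzeOAuthLog(text) {
  const report = { redirectUri: null, certErrors: [], navigations: [] };
  for (const rec of text.split(/\r?\n/).map(parseLine).filter(Boolean)) {
    if (rec.event.includes('Opening auth login window') && rec.args[0]) {
      // searchParams.get() percent-decodes, so encoding differences vanish here.
      report.redirectUri = new URL(rec.args[0]).searchParams.get('redirect_uri');
    } else if (rec.event.includes('certificate-error')) {
      report.certErrors.push({ error: rec.args[0], url: rec.args[1] });
    } else if (rec.event.includes('did-navigate') && rec.args[0] && report.redirectUri) {
      const isCallback = sameEndpoint(rec.args[0], report.redirectUri);
      report.navigations.push({ url: rec.args[0], isCallback });
    }
  }
  return report;
}

console.log(JSON.stringify(analyzeOAuthLog(SAMPLE_LOG), null, 2));
```

On the constructed sample the decoded `redirect_uri` is the plain callback URL, and the only navigation recorded is to the authorization server's own origin, with `isCallback` false.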