Since the latest Postman upgrade, we’ve noticed a significant change in the User Agent of the Postman OAuth2 browser when attaining an access token using the OAuth2 mechanism. Prior to the upgrade to Postman 10.24.6, we were using a specific User Agent string that worked seamlessly with our auth client to obtain tokens.
However, after the upgrade, it seems that the new User Agent string generated by the Postman OAuth2 browser is causing compatibility issues with our auth client. We’ve attempted to modify the User Agent string within the developer tools for the browser popup, but unfortunately, the change doesn’t seem to take effect.
In the oAuth2 browser, the following User-Agent string is being used post-upgrade to 10.24.6:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Postman/10.23.9 Electron/20.3.11 Safari/537.36
This differs from the User-Agent string that was used in the oAuth2 browser pre-release:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Postman/9.6.1 Chrome/87.0.4280.88 Electron/20.3.11 Safari/537.36
We need a solution to this. Is there a way to alter the User Agent string within the Postman OAuth2 browser? Or can we change the browser itself that’s being used? We’re eager to resolve this issue as it’s blocking our whole test team.
Platform Details:
We are using Postman Desktop on Windows App, version 10.24.6.
I’ve raised this with the engineering team to see if you can get an answer here - I’m not aware of anything that’s changed but I’d rather get the information from the internal team to give a more rounded answer.
Are there particular errors that you’re seeing or any other information/logs that you could share that we help us to debug this quicker?
Thanks for getting back to me so quickly, and escalating this further to the engineering team. More information about how this might have changed will be really useful.
To give more information, we integrate with an external identity authentication client that allows access to our application. This identity agent allows token generation via the oAuth2 flow using a smartcard. The agent successfully opens in the oAuth2 browser, and the authentication flow initiates, but we are soon met with a smartcard authentication failure, with the external client citing that the browser is not supported. That prompted us to look at the User-Agent being passed in the request via Postman console and we can see that these were different as per the first message.
The difference in User-Agent seems to be the front running theory, as it would explain why the identity agent now doesn’t allow auth.
If any other specific information would be useful, from the console or otherwise, please let me know.
I’m just chasing up on this one. I was wondering if you’d heard anything back from the engineering team about this strange issue. Perhaps the cause of the user agent change in that release and if there’s an option to revert.
As our test team are getting their applications updated, the more we become blocked, so any support for an expedited resolution would be doing us a real favour.
Anything else you need from us, even a demo of the problem, please let us know. Also, if this query is better posed to someone/somewhere else, let me know also.
Sorry to be a pain again, but nudging to see if the engineering team made any progress with this one on Friday. We’re keen to understand the cause and remedy.
Hey @stuart.gray, apologies for the delay, I’m looking into this issue now. Just to confirm once, you are using the OAuth2 flow from the Postman Desktop app without the Authorize Using Browser option?
Also, what version of Postman were you using prior to the upgrade?
Or can we change the browser itself that’s being used?
If you want to change the browser and authorize using the default browser in your system, you can select the option I’ve mentioned in the screenshot above.
In this case, do make sure to add https://oauth.pstmn.io/v1/callback to your application’s allowed redirect_uri/Callback URLs.
Thanks for your response. It has helped us reach a solution on this.
We needed to set https://oauth.pstmn.io/v1/callback as our callback URL in the Apigee application that facilitated this auth. This then allowed us to use an external browser away from Postman by selecting ‘Authorize using browser’ as suggested.
- I raised this again with the team and they are going to have a closer look tomorrow.
