Testing OAuth2 Authorization Flow with Postman (Authorization Code Grant)

👉 Want to learn more about Postman? Check my Postman online course.

___

// A B O U T T H I S V I D E O

In this tutorial, I will show you how you can test the OAuth 2.0 Authorization Code Grant using Postman.

== VIDEO UPDATE (November 2018) ==

You can also use

___

// I H A V E A Q U E S T I O N!

I do my best to answer all comments here on YouTube but I cannot make any guarantees.

If you have a question, it is best to ask your question on the Postman User Group on Facebook or on the Postman Community (links below).

If you have purchased the Postman online course, please use the Q&A section or send me a message on Udemy.

Please do not email me or contact me on other channels as I might not be able to answer. Sorry!

___

// I H A V E A V I D E O I D E A

Do you want me to create a video on a specific topic? Just fill out the form below:

___

// P L A Y L I S T S

Collection of video tutorials:

___

// F R E E R E S O U R C E S

▸▸▸ DOWNLOAD the FREE Postman Quick Reference Guide

▸▸▸ JOIN the Postman User Group on Facebook

▸▸▸ OFFICIAL Postman community forum

___

// IMPRINT

___
Comments

Life saver. It really sucks that you've got so few views and likes, but every like you do get, that's an application that was developed because of you.

jonydude

Hi all - I am sorry about the bad audio. I will re-record this video soon. Meanwhile ...

vdespa

Beautiful, thank u boss🙏 saved my life

randomperson

Thank you Sir for this concise and clear tutorial

ruipeng

This was perfect. Just what I needed. Thanks!

jwatts

Thank you very much. My question is how to automate this process so that we can run this in a CI/CD pipeline, with Newman or some other CLI tool.

j.sheriff

Do you have something about logging in to the app using Google or Facebook account?

олясинельникова-зч

Thank you for the detailed explanation. How long is the authorization code valid?

krishnasm

The only video/source that disclosed the magic of OAuth2!
One question though: do you know how Postman extracts the access and refresh token? When I do this in the browser I get some cookies that don't seem to be what Postman gives me.

gediminaszalys

This is not covered in the Udemy course?

antnam

Great tutorial. Do you maybe know how to do this (5:10) in two steps (= two Postman requests)? As I understand it, the first step would be the request for the authorization code and the second would be getting the access token. I'm just trying to find out what is called with which parameters, step by step.
I've checked in the Postman console what happens when getting a new access token, but when I try to make the two requests on my own I have a problem. I get the authorization code, but when I try to get the access token I get HTTP 401:
{
"error": "invalid_client",
"error_description": "Given client ID does not match authenticated client"
}
I have no idea why (it looks like I'm doing exactly what is printed on the console for 5:10, but I'm getting HTTP 401 😪)

[Edit]
Some magic. I closed Postman, opened it, and everything started working :/

petercarpowitz

Very nice video! Thank you! Any idea how to automate this?

robertwagner

Perfect tutorial! It helped me a lot! But I have a question: how do I obtain my own callback URL?

erik

Do you have anything similar for the ROPC-based flow without the client secret? Or could you point me to a good resource...

Ash-kurz

Why is the client secret (a.k.a app server's secret so as not to get confused) given to the user to generate the access token? I thought that the whole purpose of the client secret was to keep it super secret such that only the app server that contains the resources knows it. Why does generating the token require knowing the secret at all if the user of the application is the one that is generating it?

shayhan

The newest Postman requires a scope and state and does not fill in the callback URL. Also, the Google API I was trying to connect to only allowed you to enter a 'redirect' URL. I'm hoping this is the same as a callback URL.

obesechicken

Where do I find the authorization code? Getting the grant type error in response

souravb

I'm using OAuth 2 implicit and a login window will display... After I log in, I can close the window... and I will be able to use my API now... But is there a way Postman can automate this?

marsh

Imgur was supposed to return you an auth_code? I can't find that in the tutorial. Am I missing something? Don't understand how they directly sent you the token.

TrulyLordOfNothing

Has anyone got a {"data":{"error":"The redirect URI provided is missing or does not match", "request":"\/oauth2\/authorize", "method":"POST"}, "success":false, "status":400}

ki