Testing OAuth2 Authorization Flow with Postman (Authorization Code Grant)

Life saver. It really sucks that you've got so few views and likes, but every like you do get, that's an application that was developed because of you.

jonydude

Hi all - I am sorry about the bad audio. I will re-record this video soon. Meanwhile ...

vdespa

Beautiful, thank u boss🙏 saved my life

randomperson

Thank you Sir for this concise and clear tutorial

ruipeng

This was perfect. Just what I needed. Thanks!

jwatts

Thank you very much, my question is how to Automate this process so that we can run this in CICD-Pipeline, with newmann or some other cli-tool.

j.sheriff

Do you have something about logging in to the app using Google or Facebook account?

олясинельникова-зч

Thank you for detailed explanation, How long is Authorization Code valid ?

krishnasm

The only video/source that disclosed the magic of the Oauth2!
One question though, do you know how Postman extracts the access and refresh token? when i do this on browser i get some cookies that don't seem to be what Postman gives me

gediminaszalys

This is not covered in the Udemy course?

antnam

Great tutorial. Do you know maybe how to make this 5:10 in two steps (= two postman requests ) ? As I understand first step would be request for authorization code and second would be getting access token. I'm just trying to find out what is called with which parameters step by step.
I've checked in Postman console what is it happening when getting new access token, but when I'm trying to make it on my own two requests I'm having some problem. I'm getting authorization code, but when I try to get access token I'm getting http 401:
{
"error": "invalid_client",
"error_description": "Given client ID does not match authenticated client"
}
I have no idea why (it looks that I'm doing exactly what is printed on console for 5:10 but I'm getting HTTP 401 😪 )

[Edit]
Some magic. I closed Postman, open it and everything started working :/

petercarpowitz

Very nice video! Thank you! Any idea how to automate this?

robertwagner

Perfect tutorial!, it helped me a lot!, but I have a question, How obtain my own callback URL?

erik

do you have anything similar for ROPC based flow without the client secret? or could you point me to a good resource...

Ash-kurz

Why is the client secret (a.k.a app server's secret so as not to get confused) given to the user to generate the access token? I thought that the whole purpose of the client secret was to keep it super secret such that only the app server that contains the resources knows it. Why does generating the token require knowing the secret at all if the user of the application is the one that is generating it?

shayhan

The newest postman requires a scope and state and does not fill in the callback URL. Also for the google api I was trying to connect to they only allowed you to enter a 'redirect" url. I'm hoping this is the same as a callback URL.

obesechicken

Where do I find the authorization code? Getting the grant type error in response

souravb

im using oauth 2 implicit and log in window will display..after i log in, i can close the window..and i will be able to use my api now...but is there a way postman can automate this?

marsh

imgur was supposed to return you an auth_code? I can't find that in the tutorial. Am I missing something? Don't understand how they directly sent you the token.

TrulyLordOfNothing

Has anyone got a {"data":{"error":"The redirect URI provided is missing or does not match", "request":"\/oauth2\/authorize", "method":"POST"}, "success":false, "status":400}

ki