How to persist an OAuth2 token (or use a refresh token) in Postman collections?

一整个雨季 2021-01-30 05:50

The goal

Be able to run a collection without going through the authorization process of every call individually prior to running the collection.

4 answers
  •  野趣味 (original poster)
    2021-01-30 05:53

    First, read this answer from the thread. Now, consider this the second half of the question (based on the comments):

    How do I use the refresh token?

    1. Create a new POST request (easiest to duplicate the request you created to procure the access_token).

    2. In the body, remove username and password. Replace grant_type with "refresh_token". Add refresh_token with the value "{{refresh_token}}", which is a reference to the variable that got created when you first authorized (did you remember to read this answer?).

    3. Ensure your Tests section of the Refresh request overwrites the Postman variables for access_token and refresh_token. Why? Because whenever you execute a refresh, you'll get yet another refresh token. If you don't capture that new refresh token, you'll end up using the old refresh token and the API will reject it. Then you'll need to re-run the whole thing again from step one (i.e. from this answer).

    4. Now when your authorization expires, you don't need to run the original request that contains your username and password. You can perpetually refresh using the request we just created. This is especially helpful when you are collaborating and need to share API access, but don't want to share username/passwords.

    HTH!
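
A Tests script for the Refresh request described in the answer above, as an added example that is not part of the original post. It assumes the tokens live in environment variables named access_token and refresh_token and that the token endpoint returns the standard OAuth2 JSON fields; `storeTokens` and `access_token_expires_at` are names made up for this example.

```javascript
// Tests script for the "Refresh" request (added example).
// Assumption: tokens are kept in environment variables named access_token and
// refresh_token, and the token endpoint returns standard OAuth2 JSON fields.

// Copies tokens from a token-endpoint response into a variable store.
// `store` is anything with a set(name, value) method (pm.environment in Postman).
// Returns the list of variable names that were updated.
function storeTokens(status, body, store, now = Date.now()) {
  // A failed refresh (e.g. {"error":"invalid_grant"}) must not clobber the
  // tokens already held by overwriting them with undefined.
  if (status !== 200 || !body || typeof body.access_token !== 'string') {
    return [];
  }
  const updated = [];
  store.set('access_token', body.access_token);
  updated.push('access_token');

  // Servers that rotate refresh tokens return a new one on every refresh;
  // the old one is then rejected, so it has to be overwritten here.
  // Servers that do not rotate omit the field: keep the stored value.
  if (typeof body.refresh_token === 'string' && body.refresh_token !== '') {
    store.set('refresh_token', body.refresh_token);
    updated.push('refresh_token');
  }

  // Optional: remember when the access token expires (epoch milliseconds).
  if (Number.isFinite(body.expires_in)) {
    store.set('access_token_expires_at', String(now + body.expires_in * 1000));
    updated.push('access_token_expires_at');
  }
  return updated;
}

// Inside Postman the pm object exists; elsewhere this part is skipped.
if (typeof pm !== 'undefined') {
  let body = null;
  try { body = pm.response.json(); } catch (e) { /* non-JSON error page */ }
  const updated = storeTokens(pm.response.code, body, pm.environment);
  pm.test('refresh returned a usable access_token', function () {
    pm.expect(updated).to.include('access_token');
  });
  // Log variable names only, never the token values.
  console.log('updated variables:', updated.join(', '));
}
```

Environment values are included when an environment is exported or shared, so keep the tokens in the current value rather than the initial value if the workspace is shared.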
