How to persist an OAuth2 token (or use a refresh token) in Postman collections?

一整个雨季 2021-01-30 05:50

The goal

Be able to run a collection without going through the authorization process of every call individually prior to running the collection.

4 answers
  •  慢半拍i (original poster)
    2021-01-30 06:18

    Both the other answers are correct. But there is another way by which this can be done, and it does not require any extra request. This method uses the pre-request script of the request which needs the access_token. You can use pm.sendRequest, as documented in the postman-sandbox-api.

    From the pre-request script just send a request to the auth-token URL. Send all the credentials and the refresh token. In the response you will get the access token, which you can then persist in the environment or just in-memory and then use it.

    Sample code: I have made a gist here: https://gist.github.com/harryi3t/dd5c61451206047db70710ff6174c3c1

    // Set all these variables in an environment or at collection level
    let tokenUrl = pm.variables.get('tokenUrl'),
        clientId = pm.variables.get('clientId'),
        clientSecret = pm.variables.get('clientSecret'),
        refreshToken = pm.variables.get('refreshToken'),
        requestOptions = {
          method: 'POST',
          url: tokenUrl,
          body: {
            mode: 'formdata',
            formdata: [
                {
                    key: 'grant_type',
                    value: 'refresh_token'
                },
                {
                    key: 'client_id',
                    value: clientId
                },
                {
                    key: 'client_secret',
                    value: clientSecret
                },
                {
                    key: 'refresh_token',
                    value: refreshToken
                }
            ]
          }
        };
    
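    // Debug output: this prints clientSecret and refreshToken to the Postman console
    console.log({ requestOptions });
    
    pm.sendRequest(requestOptions, (err, response) => {
      // On a failed request `response` is undefined, so stop before parsing it
      if (err) {
        console.error(err);
        return;
      }
    
      let jsonResponse = response.json(),
          newAccessToken = jsonResponse.access_token;
    
      // Debug output: this prints the token response to the Postman console
      console.log({ jsonResponse, newAccessToken });
    
      // If you want to persist the token
      pm.environment.set('accessToken', newAccessToken);
    
      // Or if you just want to use this in the current request and then discard it
      pm.variables.set('accessToken', newAccessToken);
    });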
    

    Now when the request is being sent, the variable accessToken will be present, which you can use in your request like this:

    Note: There are 4 grant types in OAuth2. Two of them (Auth code & Implicit) require interaction with the browser, which can't be automated. But if the server provides a refresh token, then the above script can help you get the access token. The other two types (client credentials & password credentials) don't require any browser interaction, so these can be automated from the scripts. If you are using client_credentials, you can tweak the above script to get the code from the authUrl and then get the access_token from AuthTokenUrl.
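
An added example, not part of the answer above or its gist: a pre-request script that reuses the persisted access token until it is close to expiry, validates the token endpoint's reply before storing it, and keeps a rotated refresh token. The variable name `accessTokenExpiresAt`, the 30-second skew and the helper function names are assumptions of this example; `tokenUrl`, `clientId`, `clientSecret`, `refreshToken` and `accessToken` are the variables the answer uses.

```javascript
// Added example. accessTokenExpiresAt and SKEW_MS are names assumed for this sketch.
const SKEW_MS = 30 * 1000; // refresh slightly early to avoid racing the expiry

// True when no usable access token is cached in the given variable scope.
function needsRefresh(store, now) {
  const expiresAt = Number(store.get('accessTokenExpiresAt'));
  return !store.get('accessToken') || !Number.isFinite(expiresAt) ||
         now + SKEW_MS >= expiresAt;
}

// Validate the token endpoint's reply before persisting anything from it.
function applyTokenResponse(store, err, response, now) {
  if (err) throw new Error('token request failed: ' + err);
  if (response.code !== 200) throw new Error('token endpoint returned HTTP ' + response.code);
  const body = response.json();
  if (!body.access_token) throw new Error('response carries no access_token');
  store.set('accessToken', body.access_token);
  // expires_in is in seconds; if absent, treat the token as already stale.
  store.set('accessTokenExpiresAt', String(now + (Number(body.expires_in) || 0) * 1000));
  // Servers that rotate refresh tokens return a new one; the old one stops working.
  if (body.refresh_token) store.set('refreshToken', body.refresh_token);
  return body.access_token;
}

// Returns true if a refresh request was issued, false if the cached token was reused.
function ensureToken(pm, now = Date.now()) {
  if (!needsRefresh(pm.environment, now)) return false;
  const field = (key, value) => ({ key, value });
  pm.sendRequest({
    url: pm.variables.get('tokenUrl'),
    method: 'POST',
    body: {
      mode: 'urlencoded', // RFC 6749 token requests are form-urlencoded
      urlencoded: [
        field('grant_type', 'refresh_token'),
        field('client_id', pm.variables.get('clientId')),
        field('client_secret', pm.variables.get('clientSecret')),
        field('refresh_token', pm.variables.get('refreshToken'))
      ]
    }
  }, (err, response) => applyTokenResponse(pm.environment, err, response, now));
  return true;
}

// Inside Postman the sandbox provides `pm`; elsewhere (e.g. Node) nothing runs.
if (typeof pm !== 'undefined') ensureToken(pm);
```

Persisted environment values are included when an environment is exported or shared, so the tokens and `clientSecret` stored this way travel with it.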
