Postman — OAuth 2.0 Authentication
With OAuth 2.0, you first retrieve an access token for the API, then use that token to authenticate future requests. Access tokens are typically short-lived, but the authorization server can also provide a long-lived refresh token. A client application can use the refresh token to automatically
Let's go step by step through how to do OAuth 2.0 authentication in Postman and send the token in the HTTP request's header.
Step 1: Open Postman, go to the Authorization tab, and select OAuth 2.0 from the drop-down.
Step 2: Add the configuration used to generate the token, as below:
- Header Prefix — Bearer
- Token Name — Any Name
- Grant Type — Implicit
- Callback URL — the URL of any client web app
- Auth URL — the authorization server URL
- Client ID — the ID of the web client
- Scope — multiple scopes can be given, separated by a space
- Client Authentication — select Send client credentials in body
Step 3: Click the Generate Token button at the end of the form.
Step 4: A screen opens asking for credentials. Enter valid credentials (username and password) and the token is generated.
Step 5: Now start making HTTP calls; the Authorization header is automatically attached to every call.
Step 6: When you get a 401, repeat from Step 3 onwards.
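What Steps 3 to 6 amount to on the wire for the Implicit grant, as an added example that is not part of the original post or Postman's own code. The URLs, client ID and function names are hypothetical placeholders, and the `state` parameter comes from the OAuth 2.0 specification rather than the field list above.

```javascript
// Constructed placeholder values for the Postman fields from Step 2.
const config = {
  authUrl: "https://auth.example.com/oauth2/authorize",
  callbackUrl: "https://app.example.com/callback",
  clientId: "example-web-client",
  scope: "read write", // multiple scopes separated by a space
  headerPrefix: "Bearer",
};

// Unguessable state value that ties the callback to the request that started it.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Step 3: the authorization request for Grant Type = Implicit.
function buildAuthorizationUrl(cfg, state) {
  const url = new URL(cfg.authUrl);
  url.search = new URLSearchParams({
    response_type: "token",
    client_id: cfg.clientId,
    redirect_uri: cfg.callbackUrl,
    scope: cfg.scope,
    state,
  }).toString();
  return url.toString();
}

// Step 4: after login, the token comes back in the callback URL's fragment.
function parseCallback(redirectedTo, cfg, expectedState, nowMs) {
  const url = new URL(redirectedTo);
  if (url.origin + url.pathname !== cfg.callbackUrl) throw new Error("unexpected callback URL");
  const p = new URLSearchParams(url.hash.slice(1));
  if (p.get("error")) throw new Error("authorization failed: " + p.get("error"));
  if (p.get("state") !== expectedState) throw new Error("state mismatch");
  const token = p.get("access_token");
  if (!token) throw new Error("no access_token in callback");
  if ((p.get("token_type") || "").toLowerCase() !== "bearer") throw new Error("unsupported token_type");
  const expiresIn = Number(p.get("expires_in"));
  const expiresAt = Number.isFinite(expiresIn) && expiresIn > 0 ? nowMs + expiresIn * 1000 : null;
  return { token, expiresAt };
}

// Step 5: the header sent with each call. Step 6: null means generate a new token.
function authorizationHeader(session, cfg, nowMs) {
  if (session.expiresAt !== null && nowMs >= session.expiresAt) return null;
  return { Authorization: `${cfg.headerPrefix} ${session.token}` };
}
```

Checking `expiresAt` before each call lets a client regenerate the token ahead of the 401 in Step 6 when the server reports `expires_in`.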