Reputation: 51169
Browser test tool for OAuth2 "Client Credentials Flow"
Till now, the REST API application we've been developing has used a simple api key passed in as a URL parameter, but we've just switched to using the OAuth2 Client Credentials Flow.
This is the simple workflow in which a client POSTs a key and secret via basic authentication and receives an expiring access token. Unfortunately, simple as it is, it's made it considerably more difficult to do quick tests of the API in a browser, either during development or for our support team to do installation sanity checks.
I've tried OAuth 2.0 Playground and REST Console for Chrome, but both of these only seem to support the more complex Authorization Code Grant workflow. Is there a browser-based tool that supports the Client Credentials flow?
Upvotes: 18
Views: 34609
Answers (3)
Reputation: 396
Here's my configuration for testing the client credentials flow using the Chrome extension, Postman.
Upvotes: 12
Reputation: 12384
You can actually configure the OAuth 2.0 Playground to use the Client Credentials flow. Just click on the "Wheely" icon on the top right to open the configuration menu and select the "Client Side" Flow.
Another trick you can "Restore" the Playground by generating a URL (click on the "URL" ico on the top right). For instance use this link to have the playground configured for the Client Credential flow automatically: https://developers.google.com/oauthplayground/#step1&response_type=token
Upvotes: 4
Reputation: 19
Suggest you try Google OAuth 2.0 Playground (https://developers.google.com/oauthplayground/). While it is optimized for Google-specific OAuth2 flows, you can custom configure the OAuth Endpoints and other parameters to use your flow. You'll just need to make sure to use https://developers.google.com/oauthplayground (no trailing slash) for your redirect URI, or you'll get a redirect mismatch (if your system checks that.) Once configured it lets you save a parameterized URL so you don't have to type in all of the configurations the next time you go there.
Currently looking for other tools as well. Happy to post any others I find.
Upvotes: -1
Related Questions
- How to test a Oauth2.0 resource of server
- OAuth2 without a browser?
- Automate OAUTH2 authentication
- How can I test oAuth2 in localhost testing environment?
- Automated API testing of OAuth2/OpenID Connect protected API
- Integration tests of an OAuth2 authentication service?
- OAuth test server / application
- REST client that can handle login via oauth
- Is there a testing site available where we can test our OAuth 1.0a signatures?
- Is there an authorization server that I can use to test a client implementation of OAuth 2.0?