Registered User

Reputation: 2299

postman: How to authenticate for my webapp which uses Google OAuth2?

I have a web app which uses Google OAuth2 for security. There are many API endpoints which I need to test through Postman, but they require the user to authenticate using Google.

When I access some API, say localhost:8080/user, the web app redirects to the Google login page if the user is not authenticated, and sends results after authentication. Otherwise, if the user is already authenticated, it simply sends back the results. I can also use localhost:8080/login to explicitly log in the user (which is what the login button does on the homepage). This works fine for browsers, but it does not work in Postman.

How do I do the same in Postman? Trying to access the API returns the Google login page, but there is no way to provide credentials (username, password and OTP). Is there a way by which I could log in using the localhost:8080/login endpoint?

Upvotes: 3

Views: 5251

Answers (2)

Registered User

Reputation: 2299

One can use the "Get New Access Token" option that is shown when OAuth2 is selected as the auth option.

Upon selecting this option, add the relevant details, the same as those in your application. Clicking "Request Token" should now show a simple browser-like window, where the OAuth provider's login page will be shown.

Upon login, Postman saves the token, which can then be used for further requests.

I have created a blog post with a little more detail.

Upvotes: 1

Ed Meacham

Reputation: 583

I think you may be able to use the "Pre-request Script" feature to accomplish what you need.

Assuming POST /login is accessible, and you are able to store the session data for the authenticated session, you can use the "Pre-request Script" feature to perform the authentication before each request. (This can be done at the collection level or the request level.)

Here is an example of what I do on some of the endpoints I use that require authentication...

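const loginRequest = {
    url: "http://localhost:1337/login",
    method: "POST",
    // Declare the raw body as JSON so the server parses it.
    header: { "Content-Type": "application/json" },
    body: {
        mode: "raw",
        raw: JSON.stringify({
            email: '[email protected]',
            password: 'so much security goin on here.'
        })
    }
};

// Log in, then store the returned token for use by the actual request.
pm.sendRequest(loginRequest, function (err, response) {
    // On a transport error, response is undefined; bail out before parsing.
    if (err) {
        console.log(err);
        return;
    }
    const responseJSON = response.json();
    pm.environment.set('jwt_token', responseJSON.token);
    console.log(pm.environment.get('jwt_token'));
});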

This is NOT THE BEST way to handle pre-authenticating for protected endpoints; instead of making one request, you're making two, every time. What I usually do is hit POST /login, store what I need from that result in collection/environment/global variables, and use those variables in my other requests. I use the "two-request" method as a hack for situations where I have a third-party auth I need to perform (similar to what I think you're trying to do) or when I am creating/debugging an API that requires authentication on each request.

If I am way off here, let me know in the comments and I will update my response(s).

Upvotes: 0
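
The approach the second answer prefers (log in once, store the token, reuse it), written as a pre-request script that calls POST /login only when the stored token is missing or about to expire. This is an added example, not code from either answer. It assumes the token returned by the login endpoint is a JWT carrying an exp claim, and the environment variable names login_email and login_password are hypothetical.

```javascript
// Added example. Assumptions: the login response token is a JWT with an exp
// claim; login_email / login_password are hypothetical environment variables.
const SKEW_SECONDS = 30; // refresh slightly before the token actually expires

// Read the exp claim from a JWT payload. No signature check: this only decides
// whether to reuse a cached token; the server still validates it.
// Assumes Buffer is available (true in Node; assumed for the Postman sandbox).
function jwtExpiry(token) {
    const parts = String(token || '').split('.');
    if (parts.length !== 3) return 0;
    try {
        const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
        const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
        return typeof payload.exp === 'number' ? payload.exp : 0;
    } catch (e) {
        return 0; // malformed token: treat as expired
    }
}

function needsLogin(token, nowSeconds) {
    return jwtExpiry(token) - SKEW_SECONDS <= nowSeconds;
}

// pmApi is Postman's `pm` object, passed in so the logic also runs outside Postman.
function ensureToken(pmApi, nowSeconds) {
    if (!needsLogin(pmApi.environment.get('jwt_token'), nowSeconds)) return false;
    pmApi.sendRequest({
        url: 'http://localhost:1337/login',
        method: 'POST',
        header: { 'Content-Type': 'application/json' },
        body: {
            mode: 'raw',
            raw: JSON.stringify({
                email: pmApi.environment.get('login_email'),       // kept out of the script
                password: pmApi.environment.get('login_password')  // and out of exports
            })
        }
    }, function (err, response) {
        if (err || response.code !== 200) {
            pmApi.environment.unset('jwt_token'); // never keep a stale token
            return;
        }
        pmApi.environment.set('jwt_token', response.json().token);
    });
    return true; // a login request was issued
}

// Inside Postman `pm` exists, so this runs as the pre-request script.
if (typeof pm !== 'undefined') ensureToken(pm, Math.floor(Date.now() / 1000));
```

Requests in the collection can then send the stored value, for example as a Bearer token set to {{jwt_token}}.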
