Using POSTMAN to get Authorization Code - OAuth2.0

Question

I am using POSTMAN to test OAuth2.0 AuthCode flow for MSGraph. Following are details of the same:

AuthCode URL : https://login.microsoftonline.com/{tenant_id}/oauth2/authorize

AccessToken URL : https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token

When i did some research to see how to test OAuth2.0 using POSTMAN. I was able to find some threads which helped me to generate the access token and hit the user profile api to get the user details as shown in the screenshot below:

But, i have a weird requirement where in, i would like to generate an AuthCode in a separate request, then use it in another request to get the Access Token and then use the access token to get the user details in a separate request.

Can someone please help me with the Above requirement.

Answer 1

You can first request the authorization code in your browser:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id={your-client-id}
&response_type=code
&redirect_uri=https://localhost:4500/web/completeoauth/ms
&response_mode=query
&scope=https://graph.microsoft.com/mail.read
&state=12345

Then use the authorization code to request the token in postman:

---

Update:

If you don’t want to use a browser, just don’t check the Authorize using browser checkbox, and then set the Callback URL to your Redirect URIs. When you request a token, it will prompt you to log in.

After you log in，it will return the access token directly to you.But you will not see the code, this is because the system directly exchanges your code for token and returns it to you.

Answer 2

In Postman, in the test tab of the first request, you need to store the AuthCode in an environment variable: pm.environment.set("authCode", authCode).

You then can use that in the pre-request script of the next request via pm.environment.get("authCode") or in the headers or as url parameter: {{authCode}}.