How to auto generate new Bearer Token in Postman for GCP Storage

Question

I am trying to upload file from local to GCP bucket through cloud storage Rest API (https://storage.googleapis.com/upload/storage/v1/b) using Postman.

I am using Bearer Token for authorization and running $(gcloud auth print-access-token) command on GCP Shell to generate that token every time.

I need to know, how to auto generate that token from Postman while sending request ?

Is there any way to execute $(gcloud auth print-access-token) every time as a Pre-request Script within Postman ?

Thanks

Answer 1

Google Cloud Storage requires authentication as other Google APIs and one of the authentication way is providing bearer token. These bearer tokens are short lived and require regeneration.

So there are 3 ways to generate bearer tokens so you can interact with Google Storage API or other Google APIs using Postman:

1. Using oauth2l CLI ( Manual Regeneration of new bearer token and update of Authorization header with the new token)

   • This oauth2l CLI utility allows you to generate bearer tokens which can be pasted into the Authorization header in postman. You can use

2. Configuration of Postman with OAuth 2 and User Credentials ( Tokens can be managed via the Postman UI and expired ones cleaned up at the click of a button)

   • Postman can be configured to trigger the OAuth 2 flow and use a generated bearer token in all of the requests. But please make sure that all users have the correct permissions in the Google Cloud Platform project.

   • You will need to create OAuth 2 credentials in Google Cloud Console:

     1. Go to APIS and Services
     2. Then go to Credentials tab
     3. Click on Create Credentials
     4. Select OAuth Client ID
     5. Fill the fields to create OAuth Client ID ( also add an Authorized redirect URI however this doesn’t need to resolve to anywhere).

   • The Client ID and Client Secret need to be saved in your machine.

   • Use Postman’s environment variable functionality to use different credentials per environment/project. In Postman create a new environment for your credentials using the cog icon at the top right.

   • Configure the variables accordingly: AUTH_CALLBACK_URL , AUTH_URL, AUTH_CLIENT_ID, AUTH_CLIENT_SECRET, AUTH_ACCESS_TOKEN_URL

   • This variable should be identical to that defined in the OAuth 2 Client ID creation menu and should be one of the following : AUTH_SCOPE

   • Once defined, these variables can be used in your Authorization tab in Postman. This can be configured at the collection level, the folder level or even the individual request level.

   • To Regenerate the Token, you can go to Authorization Tab and click on GET NEW ACCESS TOKEN

3. Configuration of Postman to use a pre-request script and service credentials (The pre-request script automatically regenerates the bearer token when it expires)

   • For this please check this Tutorial to follow the steps provided there.

Answer 2

I'm not very good with postman, but I think you can run pre-request to get token and reuse it in the subsequent request.

If so, you can get inspiration from the gcloud auth print-access-token command by adding the --log-http param to visualize the request performed by the CLI and to reproduce them in Postman.

---

EDIT 1

If you perform the request, you can see that a post is performed to this URL https://oauth2.googleapis.com/token

To reproduce the call, you can try with a curl

curl -X POST -d "grant_type=refresh_token&client_id=32555940559.apps.googleusercontent.com&client_secret=ZmssLNjJy2998hD4CTg2ejr2&refresh_token=<REFRESH_TOKEN>&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth" https://oauth2.googleapis.com/token

In this call, you need your REFRESH_TOKEN, that you can get here

cat ~/.config/gcloud/legacy_credentials/<YOUR EMAIL>/adc.json