generate access token using Postman


I have written an API using Django REST Framework and Django OAuth Toolkit for OAuth2 authentication, and I am using Postman to test my API authorization process.

I have to send the following curl request

curl -X POST -d "grant_type=password&username=<user>&password=<password>" -u "<client_id>:<client_secret>" http://127.0.0.1:3333/auth/token/

I can generate an access_token simply by using Postman's Get Access Token window


But I want to do it by sending a request and passing the data using the request form, so that I can test the API and also generate the documentation for auth.

Now, I can pass the user data (username, password) in form-data, but how do I pass client_id and client_secret?



There are 2 best solutions below

2
On

curl encrypts the value of the -u parameter, which we can see using the -v (verbose) option.

Therefore, to collect the header's authorization value, use -v once with the curl command. It will print the raw request as follows:

$ curl -X POST -d "grant_type=password&username=<user>&password=<password>" -u "client_id:client_secret" http://127.0.0.1:3000 -v
Note: Unnecessary use of -X or --request, POST is already inferred.
* Rebuilt URL to: http://127.0.0.1:3000/
*   Trying 127.0.0.1...
* TCP_NODELAY set 
* Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
* Server auth using Basic with user 'client_id'
> POST / HTTP/1.1
> Host: 127.0.0.1:3000
> Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Length: 55
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 55 out of 55 bytes
< HTTP/1.1 200 OK
< Content-Type: text/plain
< Date: Sat, 19 May 2018 07:09:35 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
< 

In the above verbose log, we can see the key-value pair as

> Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=

After collecting the key as "Authorization" and the value as "Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=", you can use them in the headers of the request through Postman. "Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=" is the encrypted value generated using the -u "client_id:client_secret" option with curl.

Hope this will solve the auth problem using a Postman request.

0
On

For a full Postman answer, the way to accomplish this is with a pre-request script. The client id and the client secret are simply encoded with the base64 encoding scheme. Just do this:

enter image description here

Notice that client_id_client_secret is an environment variable. If you don't want to do that, then drop the first line and hard-code your client id and secret into CryptoJS.enc.Utf8.parse('my-trusted-client:mysecret'), where 'my-trusted-client' is the client id and 'mysecret' is the client secret.

Here's the code for copy/paste joy.

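// The environment variable holds the pair in the form "client_id:client_secret".
let keys = pm.environment.get('client_id_client_secret');
// Base64-encode the pair for use in the Authorization: Basic header.
let encoded = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(keys));
pm.environment.set("base64_client_id_client_secret", encoded);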

Now, create a header and include the variable you created:

enter image description here

The value part of that image:

Basic {{base64_client_id_client_secret}}

Now... just Postman bliss.
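
As an added example (not code from the question or either answer), the following Node.js functions build the Authorization: Basic value seen in the verbose log, decode it back to the client id and secret, and assemble the form-encoded token request from the question. The function names and the alice / "p@ss w&rd" credentials are constructed for illustration.

```javascript
// Added example; sample values are constructed. Runs in Node.js.

// Build the Authorization header value for HTTP Basic client authentication.
function basicAuthHeader(clientId, clientSecret) {
  // A colon in the id would make the decoded pair ambiguous (RFC 7617).
  if (clientId.includes(':')) throw new Error('client_id must not contain ":"');
  return 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
}

// Reverse the header: Base64 needs no key, so the header discloses both values.
function decodeBasicAuthHeader(header) {
  const match = /^Basic\s+([A-Za-z0-9+\/]+={0,2})$/i.exec(header.trim());
  if (!match) throw new Error('not a Basic Authorization header');
  const raw = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = raw.indexOf(':');
  if (sep === -1) throw new Error('missing ":" separator');
  // Split on the first colon only: the secret may itself contain colons.
  return { clientId: raw.slice(0, sep), clientSecret: raw.slice(sep + 1) };
}

// Assemble the request the curl command in the question sends (password grant).
function buildTokenRequest(url, clientId, clientSecret, username, password) {
  const body = new URLSearchParams({ grant_type: 'password', username, password });
  return {
    method: 'POST',
    url,
    headers: {
      Authorization: basicAuthHeader(clientId, clientSecret),
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: body.toString(), // form-encodes characters such as '&' and spaces
  };
}

// Copy of the headers with the credential masked, for logs and documentation.
function redactAuthorization(headers) {
  const out = { ...headers };
  if (out.Authorization) out.Authorization = out.Authorization.replace(/\s.+$/, ' <redacted>');
  return out;
}

// Constructed sample values; the URL is the one from the question.
const req = buildTokenRequest('http://127.0.0.1:3333/auth/token/',
  'client_id', 'client_secret', 'alice', 'p@ss w&rd');
console.log(req.headers.Authorization);
console.log(decodeBasicAuthHeader(req.headers.Authorization));
console.log(redactAuthorization(req.headers), req.body);
```

Because the decode step needs no key, a header value pasted into a shared Postman collection or published API documentation exposes the client secret; keep it in an environment variable and redact it in anything that leaves your machine.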