OAuth Test: how to test and set up OAuth requests in your environment

To help you better understand and use OAuth in your environment, we put together this simple tutorial explaining how to configure a request collection using Postman.

Before you start, you must have Postman installed on your machine. You will also need an app registered with a plan to access the desired API on the API Manager. Finally, your API must contain an OAuth or JWT interceptor (depending on your security strategy) to validate the flow.

Let’s start, then!

Importing the environment

The first step is importing the environment that will be used for the calls.

To do that, use the JSON file below, changing the following fields according to your environment:

  • ENVIRONMENT: add the name of your environment (e.g., demov3);

  • OAUTH_APP_CLIENT_ID: client ID of the app that will use the OAuth service;

  • OAUTH_APP_CLIENT_SECRET: client secret of the app that will use the OAuth service.

{
 "id": "1cbf0033-fd38-8dd5-185c-847953c46490",
 "name": "ENVIRONMENT",
 "values": [
   {
     "key": "URL",
     "value": "http://apigateway.ENVIRONMENT.com/oauth",
     "enabled": true,
     "type": "text"
   },
   {
     "key": "CLIENT_ID",
     "value": "OAUTH_APP_CLIENT_ID",
     "enabled": true,
     "type": "text"
   },
   {
     "key": "CLIENT_SECRET",
     "value": "OAUTH_APP_CLIENT_SECRET",
     "enabled": true,
     "type": "text"
   },
   {
     "key": "AUTHORIZATION_KEY",
     "value": "AUTOMATIC",
     "enabled": true,
     "type": "text"
   },
   {
     "key": "REFRESH_TOKEN",
     "value": "AUTOMATIC",
     "enabled": true,
     "type": "text"
   },
   {
     "key": "CODE",
     "value": "AUTOMATIC",
     "enabled": true,
     "type": "text"
   }
 ],
 "_postman_variable_scope": "environment",
 "_postman_exported_at": "2018-04-17T12:09:14.110Z",
 "_postman_exported_using": "Postman/6.0.10"
}

After you save the JSON file, use the Postman import function.
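
An added example, not part of the original tutorial or the vendor's tooling: a Python helper that fills the three placeholders of the template above, checks the result before import, and produces a redacted copy for sharing. The function names, the sample client ID and secret, the https check and the choice of which keys count as sensitive are assumptions of this example.

```python
import copy
from urllib.parse import urlparse

# The tutorial's template, rebuilt compactly; _postman_* export metadata omitted.
TEMPLATE = {
    "id": "1cbf0033-fd38-8dd5-185c-847953c46490",
    "name": "ENVIRONMENT",
    "values": [{"key": k, "value": v, "enabled": True, "type": "text"} for k, v in [
        ("URL", "http://apigateway.ENVIRONMENT.com/oauth"),
        ("CLIENT_ID", "OAUTH_APP_CLIENT_ID"),
        ("CLIENT_SECRET", "OAUTH_APP_CLIENT_SECRET"),
        ("AUTHORIZATION_KEY", "AUTOMATIC"),
        ("REFRESH_TOKEN", "AUTOMATIC"),
        ("CODE", "AUTOMATIC"),
    ]],
}
# Assumption: the AUTOMATIC variables hold live credentials once requests have run.
SENSITIVE = {"CLIENT_SECRET", "AUTHORIZATION_KEY", "REFRESH_TOKEN", "CODE"}

def fill(template, env_name, client_id, client_secret):
    """Return a copy of the template with its three placeholders replaced."""
    env = {**copy.deepcopy(template), "name": env_name}
    subs = {"CLIENT_ID": client_id, "CLIENT_SECRET": client_secret}
    for item in env["values"]:
        if item["key"] == "URL":
            item["value"] = item["value"].replace("ENVIRONMENT", env_name)
        item["value"] = subs.get(item["key"], item["value"])
    return env

def check(env):
    """Return a list of findings; an empty list means nothing was flagged."""
    vals = {i["key"]: i["value"] for i in env["values"]}
    findings = [f"{i['key']}: placeholder not replaced"
                for i in TEMPLATE["values"][:3] if vals.get(i["key"]) == i["value"]]
    if urlparse(vals.get("URL", "")).scheme != "https":
        findings.append("URL: not https, secret and tokens cross the network in clear text")
    return findings

def redact(env):
    """Return a copy with secret and token values blanked, for committing or sharing."""
    out = copy.deepcopy(env)
    for item in out["values"]:
        item["value"] = "" if item["key"] in SENSITIVE else item["value"]
    return out

if __name__ == "__main__":
    # Constructed sample values; in practice read the secret from a vault or env var.
    env = fill(TEMPLATE, "demov3", "constructed-client-id", "constructed-secret")
    print(check(env), redact(env)["values"], sep="\n")
```

With the template's URL unchanged apart from the environment name, check still reports the https finding, because the published value uses http.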


Importing the collection of requests

To import the collection of requests (V2), follow these steps:

  1. Download the collection OAuth 2.0;

  2. Unzip the "OAUTH2.0.postman_collection.zip" folder;

  3. Open Postman and click the Import button;

  4. Select the saved .json file and click "Open" to import it.

After importing, you will have a folder containing all the requests, as shown in the image below.

[Image: OAuth collection]

Generating a code

To test and use the OAuth flow in your environment, generate a code through the item Grant-code. You can find this request in the root folder of the request collection you have just set up.

Remember this request, because you will use it in all the tests you perform.

Finally, after you execute the Grant-code request, you will be able to generate the access token that your strategy will use (be it JWT, Authorization Code, Client Credentials, Implicit, Password or Refresh Token).
