OAuth Test: how to test and set up OAuth requests in your environment

To help you better understand and use OAuth in your environment, we put together this simple tutorial explaining how to configure a request collection using Postman.

Before you start, you must have Postman installed on your machine. You will also need an app registered with a plan to access the desired API on the API Manager. Finally, your API must contain an OAuth or JWT interceptor (depending on your security strategy) to validate the flow.

Let’s start, then!

Importing the environment

The first step is importing the environment that will be used for the calls.

To do that, use the JSON file below, changing the following fields according to your environment:

  • ENVIRONMENT: add the name of your environment (e.g., demov3);

  • OAUTH_APP_CLIENT_ID: client ID of the app that will use the OAuth service;

  • OAUTH_APP_CLIENT_SECRET: client secret of the app that will use the OAuth service.

{
 "id": "1cbf0033-fd38-8dd5-185c-847953c46490",
 "name": "ENVIRONMENT",
 "values": [
   {
     "key": "URL",
     "value": "http://apigateway.ENVIRONMENT.com/oauth",
     "enabled": true,
     "type": "text"
   },
   {
     "key": "CLIENT_ID",
     "value": "OAUTH_APP_CLIENT_ID",
     "enabled": true,
     "type": "text"
   },
   {
     "key": "CLIENT_SECRET",
     "value": "OAUTH_APP_CLIENT_SECRET",
     "enabled": true,
     "type": "text"
   },
   {
     "key": "AUTHORIZATION_KEY",
     "value": "AUTOMATIC",
     "enabled": true,
     "type": "text"
   },
   {
     "key": "REFRESH_TOKEN",
     "value": "AUTOMATIC",
     "enabled": true,
     "type": "text"
   },
   {
     "key": "CODE",
     "value": "AUTOMATIC",
     "enabled": true,
     "type": "text"
   }
 ],
 "_postman_variable_scope": "environment",
 "_postman_exported_at": "2018-04-17T12:09:14.110Z",
 "_postman_exported_using": "Postman/6.0.10"
}

After you save the JSON file, use the Postman import function.

[Images: oauth import collection, oauth import]
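A check worth running on the edited file before importing or sharing it, as an added example (not part of the original tutorial or of the product's tooling): it flags template placeholders that were never replaced and an OAuth URL that is not https, and produces a copy with credential and token values blanked. The function names and the sample values are assumptions made for this illustration.

```python
import copy
import json
from urllib.parse import urlparse

# Placeholder strings the tutorial's template asks you to replace.
PLACEHOLDERS = ("ENVIRONMENT", "OAUTH_APP_CLIENT_ID", "OAUTH_APP_CLIENT_SECRET")
# Template variables that hold credentials or tokens.
SENSITIVE_KEYS = {"CLIENT_SECRET", "AUTHORIZATION_KEY", "REFRESH_TOKEN", "CODE"}


def lint_environment(env):
    """Return a list of findings for a Postman environment dict (empty = clean)."""
    findings = []
    if env.get("name") in PLACEHOLDERS:
        findings.append("name: placeholder not replaced")
    for var in env.get("values", []):
        key, value = var.get("key", ""), str(var.get("value", ""))
        if any(p in value for p in PLACEHOLDERS):
            findings.append(f"{key}: placeholder not replaced")
        # Over plain http the client secret and tokens cross the network unencrypted.
        if key == "URL" and urlparse(value).scheme != "https":
            findings.append("URL: scheme is not https")
    return findings


def redact_for_sharing(env):
    """Return a deep copy with credential and token values blanked."""
    shared = copy.deepcopy(env)
    for var in shared.get("values", []):
        if var.get("key") in SENSITIVE_KEYS:
            var["value"] = ""
    return shared


# Constructed sample: the template filled in for the made-up environment "demov3",
# with CLIENT_ID left unreplaced and a made-up secret.
SAMPLE = {
    "name": "demov3",
    "values": [
        {"key": "URL", "value": "http://apigateway.demov3.com/oauth"},
        {"key": "CLIENT_ID", "value": "OAUTH_APP_CLIENT_ID"},
        {"key": "CLIENT_SECRET", "value": "constructed-secret-value"},
        {"key": "REFRESH_TOKEN", "value": "AUTOMATIC"},
    ],
}

if __name__ == "__main__":
    for finding in lint_environment(SAMPLE):
        print("FINDING", finding)
    print(json.dumps(redact_for_sharing(SAMPLE), indent=1))
```

To check a real file, load the saved environment with `json.load` and pass the resulting dict to `lint_environment`.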

Importing the request collection

After you select the file, import the request collection by pasting the link below into the new window that opens.

https://www.getpostman.com/collections/2eac6bc20f58c9eb4974

Example:

[Image: oauth import collection url]

After the import, you will have a request folder, as the image below shows.

[Image: oauth collection]

Generating a code

To test and use the OAuth flow in your environment, generate a code through the Grant-code item. You can find this request in the root folder of the request collection you have just set up.

Remember this request, because you will use it in all the tests you perform.

Finally, after you execute the Grant-code request, you will be able to generate the access token that your strategy will use (be it JWT, Authorization Code, Client Credentials, Implicit, Password or Refresh Token).
