How to authenticate an OAuth 2 connection with Postman?

1

My API uses the gem devise_token_auth (omniauth) in its Rails 5 backend for authentication. The frontend uses ng-token-auth (Angular 1.x).

I have all the API requests in Postman. I implemented the security layer and now need to authenticate Postman on every request. Devise_token_auth uses OAuth 2 authentication and I'm having difficulty implementing it.

For this type of authentication, using Postman, what is the process required to gain access to the API?

    
asked by anonymous 30.12.2016 / 12:15

1 answer

0

After much trial and error, I was able to carry out the authentication process against my API and access its resources.

I detail the procedure below. If you have any questions, please use the comments below.

Postman

Under Manage Environments click Bulk Edit and add:

URL:https://sua.maravilhosa.api:3000
access-token:NOy64-MdaRd6UXMvm4OU3Q
client:gJ6tx2BKpmUVwQ5aQwtGiQ
expiry:1484612121

Create an authentication request, use the URL {{URL}}/auth/sign_in, go to the Tests tab and add:

postman.setEnvironmentVariable("access-token", responseHeaders['access-token']);
postman.setEnvironmentVariable("client", responseHeaders['client']);
postman.setEnvironmentVariable("expiry", responseHeaders['expiry']);
  

This code will update the variables access-token, client and expiry.

Create (or edit) a request for your API, go to the Headers tab, click Bulk Edit and add:

access-token:{{access-token}}
token-type:Bearer
client:{{client}}
expiry:{{expiry}}
uid:[email protected]
  

This should be done for each request. You will find more details about the authentication header for devise_token_auth by clicking here.

Rails

To avoid logging in for each request, disable change_headers_on_each_request: open the file devise_token_auth.rb and change config.change_headers_on_each_request to true.

  

A new feature that adds the ability to create triggers with functions is being discussed in this issue. This could automate the process and lessen the manual effort.

Once the above procedures are done, simply click Send on the request tab.

Bonus

See below for an animated gif demonstrating the process.

    
03.01.2017 / 01:38
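
The flow described in the answer above (capture access-token, client and expiry from the sign-in response, then send them back with uid and token-type), written as plain Node.js so the logic can be checked outside Postman. This is an added example, not part of the original answer or of devise_token_auth; the function names are hypothetical, the sample values are constructed, and keeping the stored token when a response carries no access-token header is an assumption of this sketch.

```javascript
// Added example: plain JavaScript (Node.js), no Postman runtime needed.
// Header names come from the answer above; function names are hypothetical.
const AUTH_HEADERS = ['access-token', 'client', 'expiry', 'uid', 'token-type'];

// HTTP header names are case-insensitive, so normalise before lookup.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Merge the auth headers of a response into the stored session.
// Assumption: a response without an access-token leaves the session untouched.
function updateSession(session, responseHeaders) {
  const h = lowerKeys(responseHeaders);
  if (!h['access-token']) return session;
  const next = { ...session };
  for (const name of AUTH_HEADERS) if (h[name]) next[name] = h[name];
  return next;
}

// Build headers for the next API call; refuse incomplete or expired sessions
// so a stale token fails locally instead of being sent to the server.
function buildAuthHeaders(session, nowSeconds = Math.floor(Date.now() / 1000)) {
  for (const name of ['access-token', 'client', 'expiry', 'uid']) {
    if (!session[name]) throw new Error(`missing ${name}; sign in again`);
  }
  // Written as a negated ">" so a non-numeric expiry (NaN) is also rejected.
  if (!(Number(session.expiry) > nowSeconds)) {
    throw new Error('token expired; sign in again');
  }
  return { 'token-type': 'Bearer', ...session };
}

// Constructed sample: headers shaped like a sign-in response.
const signInResponse = {
  'Access-Token': 'constructed-token-1',
  'Client': 'constructed-client-id',
  'Expiry': '1484612121',
  'Uid': 'user@example.com',
  'Token-Type': 'Bearer',
};
const session = updateSession({}, signInResponse);
console.log(buildAuthHeaders(session, 1484000000));
```

Tokens stored in a Postman environment are credentials: keep them out of exported or shared environment files.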