0

I made a django OAuth server using Django OAuth Toolkit.

I've setup the code right and when I use CURL in the following way:

curl -X POST -d "grant_type=password&username=geethpw&password=abcabcabc" -u"wHsGgpsHZyw8ghnWbEPZC8f4AZLgJIPmoo50oNWp:ZQcXeQWnae0gmX0SMi6Xn6puBnhiphR2M80UC6ugmffbrUd66awhbguYgxtQ1ufahJZehj4RlGjYu06fHkVgO15TURttSozj27nshl0AhFfCVzUKqTDubBimTSsK4yDS" http://localhost:8000/o/token/

I get a response:

{"access_token": "glzwHLQNvUNQSOU5kFAoopgJxiNHcW", "token_type": "Bearer", "expires_in": 36000, "refresh_token": "5k6jvCd2UxaRUGHKONC2SqDukitG5Y", "scope": "read write groups"}Geeths-MacBook-Pro:~ geethwijewickrama$ 
Geeths-MacBook-Pro:~ geethwijewickrama$

which is expected.

But When I try postman to do the samething, I always get:

{
  "error": "unsupported_grant_type"
}

My headers are:

Content-Type:application/x-www-form-urlencoded

If I remove this header I get:

{
  "error": "invalid_client"
}

How can I test my APIs in postman?

JGCW
  • 1,509
  • 1
  • 13
  • 25

2 Answers2

2

Your postman body should be something like:

grant_type: <grant_type>
client_id: <client_id>
client_secret: <client_secret>
username: <username>
password: <password>

Try Bulkedit with these, hope this helps (Hope you have registered the app to obtain client_id and client_secret)

ajith
  • 41
  • 3
1

Get token from django-oauth-toolkit from JS:

async function getToken () {
    let res = await fetch("https://<your_domain>/o/token/", {
        body: new URLSearchParams({
            grant_type: 'password',
            username: '<user_name>',
            password: '<user_pass>',
            client_id: '<client_app_id>',
            client_secret: '<client_pass>'
        }),
        headers: {
            "Content-Type": "application/x-www-form-urlencoded"
        },
        method: "POST"
    })
    return res.json();
}
console.log(await getToken());

Your client application authorisation grant type should be: "Resource owner password-based" oauth client application: Auth grant type

P.S. I've failed to get token via "Content-Type": "application/json", not sure why (django-oauth-toolkit documentation says nothing about that).

Dmytro Gierman
  • 335
  • 3
  • 8