0

For many collections in Postman we use authorization with the grant type=Authorization code (to Azure). For requests using the grant type client credentials I'm able to write the prerequest script which acquires the token automatically (if needed) and I would like to have such a script for the authorization code flow too. There are many examples related to basic authorization (user name/password) flow out there, but I haven't found any for the authorization code flow.

Here are the steps I have to do according the MS docs):

  1. I call POST method to the https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize with all required parameters, as redirect_uri I use https://www.getpostman.com/oauth2/callback
  2. After successful authentication Azure sends the code as url parameter in the callback request to provided redirect_uri. In the browser it looks like this https://www.getpostman.com/oauth2/callback/?code=authorizationCodeGeneratedByAzure
  3. To proceed further I would need now to somehow observe the redirect_uri, to catch the incoming request (the callback from Azure) and somehow grab the code from the request url parameters for further usage in the following request for the token acquisition. And this is what I can't figure out how to do.

So my question is:

How can I get the authorization_code from the url of Azure authentication response sent to redirect_uri after the successful authentication in the Prerequest script?

Filip M.
  • 89
  • 9

1 Answers1

1

Hope you are doing it in the authorization_code flow and application as WebApp.

So, for authorization_code flow there are 2 steps to get the access token.

  • To get the code first from the /authorize end point.
  • Use that code to get the access token from /token end point.

https://www.getpostman.com/oauth2/callback/?code=authorizationCodeGeneratedByAzure

As you mentioned that you got the code from redirect-uri, you just need to extract this code to pass in token end point along with the client_secret to get the token.

After successful authentication Azure sends the code as url parameter in the callback request to provided redirect_uri.

For further process use that code along with the client_secret for the token acquisition.

Below is the sample view from the Postman.

enter image description here

RajkumarPalnati
  • 541
  • 2
  • 6
  • Thanks for the response, but it doesn't respond my question at all - I would need to do the complete authentication process automatically in the Postman Prerequest script. I can send the POST request to "authorize endpoint" using pm.sendRequest(). That's what I know how. And You are right, that then I "just need to extract this code to pass in token end point" but the question is, how can I automatically in the script catch the callback call and extract the code. – Filip M. Jun 29 '22 at 12:28