New custom parameters for OAuth 2.0 token generation in Postman
With a mission to constantly improve the experience of OAuth 2.0, we recently introduced support for the automatic refreshing of access tokens and added the option to use ID tokens to make it easier to interact with OAuth in Postman.
One of the reasons OAuth 2.0 is popular is because of its customizability. The standard is flexible, which makes it extensible to ensure that the protocol fits the specific standards that are needed by some of the authentication servers today.
Today, we are excited to introduce features that power up the OAuth client in Postman to the next level. You now have the ability to add custom parameters to the various requests that form the OAuth token generation and refresh flow.
Related: What is OAuth 2.0?
Customizing your auth, token, and refresh requests
A typical OAuth request, depending on the grant type will consist of a maximum of three different requests that are needed for generating and regenerating the access token. These are the auth request, token request, and refresh token request. All these three requests take values based on your configuration settings in Postman for the token generation flow.
For your advanced use cases, we’ve also introduced an Advanced section, where you can customize each of these requests that form the OAuth token generation flow. You can specify these parameters as a key value combination, and further, also denote if these parameters need to be added in the Query Param, Request body, or Request Header part of the respective requests
This level of customization comes in handy when dealing with systems that are highly specific in their configuration needs. You can read more about how to use this feature in our Postman Learning Center.
We had a lot of fun building these features in OAuth 2.0 for you, and we’re excited to hear how you like these updates as well. As usual, we’re all ears to get feedback on how we can improve your experience with Postman, so feel free to, leave a comment below or if you want to see something new in the Postman API Platform, check out our GitHub issue tracker to raise a feature request.
Related: Use the Authorization Methods Template
How can I add resource parameter ?
You can add `resource` as a parameter in the Advanced section, either in the Auth request or the token request, depending on the OAuth Configuration.
You can also add multiple resources by adding them as separate parameters
How do you turn this on???? Not in my Postman, that’s for sure.
Please contact our support team at http://www.postman.com/support and they’ll be able to help you.
For whomever is scratching their head as I did for several hours today: the “Advanced” section does not show up in the lightweight client (i.e. you need to be logged in).