Introducing Postman’s New Parameters for OAuth 2.0
Authentication is a fundamental part of APIs, and over the years OAuth 2.0 has gained tremendous adoption amongst the masses as the leading authorization standard. One of the reasons why OAuth 2.0 is thriving is the fact that the OAuth 2.0 standard keeps evolving and getting fine-tuned as years progress. While the core logic of OAuth 2.0 remains the same, there are minor enhancements in the OAuth standards that lets developers use OAuth 2.0 in a way that works for them.
Postman has been listening to the feedback from our community in order to stay aligned with the evolving OAuth 2.0 standards. Today, we are enabling you to specify some additional parameters for OAuth 2.0 that will help you in your workflows. With this release, you now have the ability to specify resource and audience as parameters while generating access tokens using OAuth 2.0. You can also specify multiple resources and/or audiences to handle niche OAuth flows.
We hope this update helps you with your OAuth flows in Postman. We are constantly working towards releasing new features, and we’d love to hear from you on how we can help you and your team succeed with your API workflows. You can learn more about working with OAuth 2.0 in Postman with help from the Postman Learning Center.
Very useful feature, but why does the “Resource” field disappear when changing the “Grant Type” to “Password Credentials”? It’s still needed there.
Too bad you can’t have the option to add any number of fields to the initial request. Resource is cool, but some times the key name is not “Resource”.
Take for example : https://developers.google.com/identity/protocols/oauth2/web-server#exchange-authorization-code
Goole offers a key of “access_type” to be online or offline.
Setting this parameter will change the Access token’s type to be a refresh token instead of a Bearer Token.
I’ve tried doing a pre-request script here to add in the “access_type” to the form but no such luck.
I would love to be able to use the “Recource” field when doing a “Password Credentials” type OAuth 2.0 request.
Seems like version 10.8.1 on Silicon Mac ignores the audience parameter 🙁 I get a token, but it has a different audience than what I specify (it ends up being the client id). I am trying to connect to an Auth0 based API.