Learn from experts and connect with global tech leaders at POST/CON 24. Register by March 26 to save 30%.

Learn more →
X

Introducing Postman’s New Parameters for OAuth 2.0

Giridhar

Authentication is a fundamental part of APIs, and over the years OAuth 2.0 has gained tremendous adoption amongst the masses as the leading authorization standard. One of the reasons why OAuth 2.0 is thriving is the fact that the OAuth 2.0 standard keeps evolving and getting fine-tuned as years progress. While the core logic of OAuth 2.0 remains the same, there are minor enhancements in the OAuth standards that lets developers use OAuth 2.0 in a way that works for them.

Postman has been listening to the feedback from our community in order to stay aligned with the evolving OAuth 2.0 standards. Today, we are enabling you to specify some additional parameters for OAuth 2.0 that will help you in your workflows. With this release, you now have the ability to specify resource and audience as parameters while generating access tokens using OAuth 2.0. You can also specify multiple resources and/or audiences to handle niche OAuth flows.

Resource and audience parameter for OAuth
Add new OAuth 2.0 parameters—labeled Resource and Audience—to generate the access token by using the advanced options in OAuth 2.0 Authorization

We hope this update helps you with your OAuth flows in Postman. We are constantly working towards releasing new features, and we’d love to hear from you on how we can help you and your team succeed with your API workflows. You can learn more about working with OAuth 2.0 in Postman with help from the  Postman Learning Center.

What do you think about this feature? Tell us in a comment below. You can also give product feedback through our Community forum and GitHub repository

Comment

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

4 thoughts on “Introducing Postman’s New Parameters for OAuth 2.0

  • Avatar

    Very useful feature, but why does the “Resource” field disappear when changing the “Grant Type” to “Password Credentials”? It’s still needed there.

  • Avatar

    Too bad you can’t have the option to add any number of fields to the initial request. Resource is cool, but some times the key name is not “Resource”.
    Take for example : https://developers.google.com/identity/protocols/oauth2/web-server#exchange-authorization-code

    Goole offers a key of “access_type” to be online or offline.
    Setting this parameter will change the Access token’s type to be a refresh token instead of a Bearer Token.
    I’ve tried doing a pre-request script here to add in the “access_type” to the form but no such luck.

  • Avatar

    I would love to be able to use the “Recource” field when doing a “Password Credentials” type OAuth 2.0 request.

  • Avatar

    Seems like version 10.8.1 on Silicon Mac ignores the audience parameter 🙁 I get a token, but it has a different audience than what I specify (it ends up being the client id). I am trying to connect to an Auth0 based API.