Introduction
When using Postman to interact with APIs behind an OAuth2 authentication, we need to login and renew the token manually. This can be automated using the following steps.
- Set credentials in environment variables
- Create a pre-request script to login and renew the token
- Use the token in the request headers
Automating Login & Renewal
var e = pm.environment;
var isSessionExpired = true;
var loginTimestamp = e.get("loginTimestamp");
var expiresInSeconds = pm.environment.get("expiresInSeconds") || 86400;
if (loginTimestamp) {
var loginDuration = Date.now() - loginTimestamp;
isSessionExpired = loginDuration >= expiresInSeconds;
}
if (isSessionExpired) {
pm.sendRequest({
url: e.get('host') + "/auth/connect/token",
method: 'POST',
header: {
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'application/json'
},
body: {
mode: 'urlencoded',
urlencoded: [
{ key: "username", value: e.get('username') },
{ key: "password", value: e.get('password') },
{ key: "grant\_type", value: "password" },
{ key: "client\_id", value: e.get("client\_id") }
]
}
}, function (err, res) {
jsonData = res.json();
e.set("access\_token", jsonData.access\_token);
if(res.json().expires\_in){
expiresInSeconds = res.json().expires\_in \* 1000;
}
e.set("expiresInSeconds", expiresInSeconds);
e.set("loginTimestamp", Date.now())
});
}
We can copy this script to the pre-request script of the collection.
Most of the script is self-explanatory. The script checks if the session is expired and sends a request to the token endpoint to get a new token. The token is stored in environment variables and used in the request headers.
Conclusion
This is a one time setup for Postman collection and it saves a lot of time in the long run. The script can be modified to handle different grant types and token renewal strategies.
Top comments (0)