OAuth 2.0
OAuth (short for "Open Authorization") is an open standard that grants websites or applications access to users' information on other websites without giving them their passwords.
When authorization is set to OAuth 2.0, instead of the default Bearer Token, you use Postman’s automatic OAuth features to retrieve and refresh tokens. You also use your browser to authenticate your session, which improves platform operational security and developer experience.
To configure a PingOne collection to use OAuth 2.0 for authorization:
-
Click on the collection.
-
Click the Authorization tab.
-
Select
OAuth 2.0from Type. -
Select
Request Headersfrom Add auth data to. -
In Token, select any unexpired token previously generated.
-
In Header Prefix, type
Bearer.You must Configure New Token, if none are available in Token.
-
In Token Name, type any name. If you generate more than one token, this appears in Token to select a valid token.
-
Select
Client Credentialsfrom Grant Type. -
In Access Token URL, type
{{authPath}}/{{adminEnvID}}/as/token. -
In Client ID, type
{{adminAppID}}. -
In Client Secret, type
{{adminAppSecret}}. -
Scope is not required in this use case, leave blank.
-
Select
Send as Basic Auth Headerfrom Client Authentication. -
In Refresh Token URL, type
{{authPath}}/{{adminEnvID}}/as/token.
|
You must set appropriate values on the variables used in the configuration in your environment variables template:
|
To generate a new access token:
-
Click Get New Access Token.
The Get new access token dialog appears.
-
Click Proceed. If you do nothing, the dialog proceeds after 5 seconds.
The Manage Access Tokens dialog appears.
-
Click Use Token. Postman applies the access token to requests with Authorization
Inherit auth from parentuntil it expires. -
If Postman does not automatically refresh the access token, repeat these steps.