How to authenticate an Oauth 2 connection to Postman?

Asked

Viewed 1,463 times

1

My API uses in the backend Rails 5 to Gem devise_token_auth (omniauth) for authentication. The frontend is using ng-token-auth (Angular 1.x).

I have all API requests on Postman. I did the security implementation and I need to authenticate Postman for each request. devise_token_auth uses Oauth 2 authentication and I’m having trouble implementing this authentication.

enter image description here

For this type of authentication, using Postman, what process is required to gain access to the API?

1 answer

0


After several attempts and errors, I was able to effect the authentication process in my API and proceed with the accesses to Resources.

Below I detail the procedure. Any doubt use the comments below.

Postman

In Manage Environments click on Bulk Edit and add:

URL:https://sua.maravilhosa.api:3000
access-token:NOy64-MdaRd6UXMvm4OU3Q
client:gJ6tx2BKpmUVwQ5aQwtGiQ
expiry:1484612121

Create an authentication request, use the URL {{URL}}/auth/sign_in, access the tab Tests and add:

postman.setEnvironmentVariable("access-token", responseHeaders['access-token']);
postman.setEnvironmentVariable("client", responseHeaders['client']);
postman.setEnvironmentVariable("expiry", responseHeaders['expiry']);

This code will update the variables access-token, client and expiry.

Create (or edit) a request for your API, go to the tab Headers, click on Bulk Edit and add:

access-token:{{access-token}}
token-type:Bearer
client:{{client}}
expiry:{{expiry}}
uid:[email protected]

This should be done for each request. You will find more details about the authentication header for devise_token_auth clicking here.

Rails

To avoid logging in every request, disable change_headers_on_each_request, to open the file devise_token_auth.rb and alters config.change_headers_on_each_request for true.

A new feature that adds the ability to create triggers with functions is being discussed on that occasion. This could automate the process and decrease manual effort.

Done the above procedures just click on send in the request tab.

Bonus

See below an animated gif demonstrating the process.

Explicação em detalhes

Browser other questions tagged

You are not signed in. Login or sign up in order to post.