
Testing OAuth2 Authorization Code Flow with Postman

Designer Configuration for OAuth2 Authentication Provider

Step 1: Define a New Authentication Provider Alias

  1. Set up a new authentication provider by defining an alias.

Step 2: Configure OAuth2 Credentials

  1. Configure the authentication provider with the OAuth2 credentials of your application.

Figure: OAuth2 Authentication Provider Properties

Step 3: Configure Login Entry in Client Configuration

  1. Configure a login entry under configuration > client > loginList of your BG service.
    Make sure its alias property is set to the alias you generated in Step 1.

Figure: Login List Configuration

Step 4: Ensure User Recognition via OAuth2 Login

  1. Ensure that users accessing the web service can be recognized by their OAuth2 login (typically their email address).
    This requires either setting up securitySSOUserTemplate or an OAuth2 login for each user, or using the email address as the username.

Step 5: Assign Required Role to Users

  1. Verify that users accessing the web service have the role INTERNAL_WEBSERVICE.

Step 6: Configure Webservice Login Type

  1. Set up a webservice to use the name of the loginList configuration as the loginTypeId.

Example Configuration and Testing Using Microsoft Entra and Postman

Microsoft Entra Application Setup

  1. Create a new Microsoft Entra application.
  2. Collect the clientID and tenantId.
  3. Create a new client secret.
  4. Add Postman’s web redirect URI: https://oauth.pstmn.io/v1/browser-callback.
  5. Add your users to the application.

Figure: Microsoft Entra Application Overview

Figure: Application Client Secret Configuration

Figure: Redirect URI Configuration

Figure: User Assignment to Application

Postman Configuration and Token Retrieval

Tip: Use the web version of Postman to enable the Authorization Code Flow functionality.

  1. Create a new REST request targeting the ADITO webservice.
  2. Configure OAuth 2.0 as the authorization method.
  3. Enter your OAuth2 provider details and credentials.
  4. Request an access token using the Authorization Code Flow.
  5. Use the obtained token to call the ADITO webservice.

Figure: Postman OAuth 2.0 Authorization Setup

Figure: Postman Token Request and Usage

Additional Information

Microsoft Entra OAuth2 Endpoints and Scope

  • Authorization URL and Access Token URL as configured in Microsoft Entra:

Figure: Microsoft Entra OAuth2 Endpoint Configuration

  • Use the scope format: ClientID/.default
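The Postman steps above, reproduced by hand as an added Python example (not ADITO or Postman code): it builds the authorization request against the standard Microsoft Entra v2.0 endpoints using the page's redirect URI and scope format, rejects a callback whose state does not match, prepares the token exchange, and reads the claim that the user recognition in Step 4 relies on. tenantId and clientID are placeholders, and the token used for testing is a constructed, unsigned sample rather than one issued by Entra.

```python
import base64, hashlib, json, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders: substitute the tenantId and clientID collected from your Entra application.
TENANT_ID = "<tenantId>"
CLIENT_ID = "<clientID>"
REDIRECT_URI = "https://oauth.pstmn.io/v1/browser-callback"  # Postman's web callback
# Standard Microsoft Entra v2.0 endpoints (the values shown in the endpoint figure above).
AUTHORIZE_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize"
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
SCOPE = f"{CLIENT_ID}/.default"  # scope format from the page

def build_authorize_request():
    """Step 1: URL the browser is sent to. Returns (url, params, state, code_verifier)."""
    state = secrets.token_urlsafe(16)      # bound to the browser session; checked on return
    verifier = secrets.token_urlsafe(48)   # PKCE: ties the token request to this client
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {"client_id": CLIENT_ID, "response_type": "code", "redirect_uri": REDIRECT_URI,
              "scope": SCOPE, "state": state, "code_challenge": challenge,
              "code_challenge_method": "S256"}
    return f"{AUTHORIZE_URL}?{urlencode(params)}", params, state, verifier

def parse_callback(callback_url, expected_state):
    """Step 2: take the code from the redirect; a state mismatch is rejected (CSRF check)."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discard this callback")
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    return query["code"][0]

def token_request_body(code, code_verifier, client_secret):
    """Step 3: form body POSTed to TOKEN_URL to exchange the code for an access token."""
    return {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "client_secret": client_secret, "code": code, "redirect_uri": REDIRECT_URI,
            "code_verifier": code_verifier}

def login_identity(access_token):
    """Claim the ADITO user lookup (Step 4) matches on: email, else upn / preferred_username.
    Decoded without signature checks: only for inspecting a token you obtained yourself."""
    payload_b64 = access_token.split(".")[1]
    payload = json.loads(base64.urlsafe_b64decode(payload_b64 + "=" * (-len(payload_b64) % 4)))
    return next((payload[c] for c in ("email", "upn", "preferred_username") if c in payload), None)

def constructed_token(claims):
    """Constructed, unsigned sample token for local tests only (not an Entra-issued token)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."
```

The webservice side must still verify the token signature, issuer and audience before trusting the identity claim; login_identity only shows which claim the user matching will see.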