Using Postman to request and authenticate with OAuth2 tokens
This step-by-step tutorial explains how to request OAuth2 tokens using Postman, and how to use the tokens to authenticate HTTP requests.
Setup
Before we start sending requests, we first need to set up our environment.
Make sure you have downloaded the latest release .zip of the Membrane API Gateway; we use Membrane as our OAuth2 token server.
To run Membrane you will require a JDK of at least version 11.
- Extract the Membrane archive and navigate to examples/oauth2/api.
- Start the Windows or *nix shell scripts in authorization_server and token_validator.
  Note: Only start one service-proxy.* in each directory.
- If Postman is not already installed, download it from the official Postman downloads page.
After Postman is installed, you can run the application.
You have the choice of logging in, or using Postman in Lite mode.
Requesting the OAuth2 Token
- Use the default request that appeared on first start or create a new one.
- Click on Authorization and scroll to the Configure New Token section.
  In our instance we will be authenticating with the token server using password authentication. Select Password Credentials in the Grant Type dropdown and enter your own data or the example's data.
  In this example we use abc as Client ID and def as Client Secret.
  Our Access Token URL is http://localhost:7007/oauth2/token.
  Use Username: John and Password: password to authenticate.
- Enter any name for the Token and press Get New Access Token.
  The token server will be contacted and, if the information was entered correctly, a success modal should appear.
- Press Proceed (or wait for the modal to close). On the next screen press Use Token; this selects the token to be used for our request.

Using the OAuth2 Token in a Request
- Make sure the right token is selected. Then enter the target URL and send the request.
  The response window at the bottom should show a JSON document denoting that the token validation was a success.
  In this example we use the target URL http://localhost:2000, which is simply a token validator running in Membrane.
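
The two HTTP requests behind the Postman steps above, as an added example that is not part of the original tutorial or the Membrane project: an RFC 6749 password-grant token request, then a Bearer-authenticated call to the validator. It assumes the client credentials are sent as an HTTP Basic header and that the token endpoint answers with standard JSON (access_token, token_type); the function names are hypothetical.

```python
import base64
import json
import sys
import urllib.parse
import urllib.request

TOKEN_URL = "http://localhost:7007/oauth2/token"  # Access Token URL from the tutorial
TARGET_URL = "http://localhost:2000"              # token validator from the tutorial


def build_token_request(client_id, client_secret, username, password, url=TOKEN_URL):
    """Build the RFC 6749 section 4.3 password-grant request (not sent here)."""
    form = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    ).encode("ascii")
    # Assumption: client credentials go in an HTTP Basic header (RFC 6749 section 2.3.1)
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        url, data=form, method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def build_api_request(token_response, url=TARGET_URL):
    """Turn a token endpoint JSON body into an authenticated GET request."""
    body = json.loads(token_response)
    if "access_token" not in body:
        # RFC 6749 section 5.2 error responses carry "error" instead of a token
        raise ValueError(f"token request failed: {body.get('error', 'unknown')}")
    token_type = body.get("token_type", "Bearer")
    if token_type.lower() != "bearer":
        raise ValueError(f"unsupported token_type: {token_type}")
    return urllib.request.Request(
        url, headers={"Authorization": f"Bearer {body['access_token']}"}
    )


if __name__ == "__main__":
    token_req = build_token_request("abc", "def", "John", "password")
    if "--send" in sys.argv:  # needs both Membrane example services running
        with urllib.request.urlopen(token_req) as resp:
            api_req = build_api_request(resp.read())
        with urllib.request.urlopen(api_req) as resp:
            print(resp.read().decode())
    else:  # offline: show the request Postman would send to the token server
        print(token_req.get_method(), token_req.full_url, token_req.header_items())
```

Run with --send while the authorization_server and token_validator examples are running to perform both requests; without it the script only prints the token request.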
