How to persist an OAuth2 token (or use a refresh token) in Postman collections?

Ok, first enter your OAUTH token URL, click on the Body tab, and fill out these POST parameters: client_id, grant_type, username, password, override. Then, click on the Test tab, enter this text and then press Send: var data = JSON.parse(responseBody); postman.setGlobalVariable(“access_token”, data.access_token); postman.setGlobalVariable(“refresh_token”, data.refresh_token); Then enter one of your application URLs, click on the Headers … Read more

How do I connect to the Google Calendar API without the oAuth authentication?

If I’m not wrong, they’ve launched Service Account for this now: https://developers.google.com/accounts/docs/OAuth2ServiceAccount Edit: Here’s the modification from their Prediction API session_start(); require_once “google-api-php-client/src/Google_Client.php”; require_once “google-api-php-client/src/contrib/Google_CalendarService.php”; const CLIENT_ID = ‘…’; const SERVICE_ACCOUNT_NAME = ‘…’; // Make sure you keep your key.p12 file in a secure location, and isn’t // readable by others. const KEY_FILE = ‘…’; … Read more

How do I develop against OAuth locally?

Two things: The OAuth Service Provider in question is violating the OAuth spec if it’s giving you an error if you don’t specify a callback URL. callback_url is spec’d to be an OPTIONAL parameter. But, pedantry aside, you probably want to get a callback when the user’s done just so you know you can redeem … Read more

I am getting “code challenge required” when using IdentityServer4

I am pretty much sure that you are using version 4.0 or above. Let me know if I am correct? In version 4.0 and above, the code flow + PKCE is used by default, as this is more secure than Hybrid flow according to the documentation. Here is the link https://identityserver4.readthedocs.io/en/latest/topics/grant_types.html and link to relevant … Read more