Part 1: Automate getting an Identity Cloud Service Access Token in Postman

Introduction

If you have spent enough time working with web services you have probably heard of Postman. If not, then let me say it is a great tool to test REST APIs against Identity Cloud Service (IDCS) among other things. When using Postman with web services you quickly learn an OAuth2 Access Token is required in order to successfully be authorized to complete a REST call.  Each time a request is sent you can either manually request an Access Token setting the Authorization Type to OAuth 2.0 and requesting a token, or have a request in the collection that gets the token, then you manually assign the token retrieved to a variable, and all other requests an be set to Authorization Type Inherit auth from parent, which you can then send any request and it goes through automatically though the token will eventually expire.  What if I told you getting the token could be automated for Identity Cloud Service so that when a REST request is sent in Postman, an access token is automatically retrieved so your request will always complete successfully without issue? Interested? Read on.

What’s a Pre-request script in Postman?

If you have used Postman, but never investigated what a Pre-request script is, you are missing out. A Pre-request script is a script that will be executed first before the request is sent. It can be added to a single request or at the Collection level, which if at the Collection level it will be executed first for every request inside the Collection. The type of scripting used in a Pre-request or Test script in Postman can be a combination of JavaScript and methods that are part of the Postman library. With this in mind we can now do something like automate getting our Access Token.

Using a Pre-request script to Automate getting an Access Token

The key to our OAuth2 automation is the script we will insert into the Pre-request script. Below is the script we will use, which will simplify your life. As a spoiler alert, we can then use this script to build on other things like automating bulk things…more to come in the next two blogs for Part 2 and Part 3.

 

A-Team Auto OAuth2 Pre-request Script:

// Set some environment variables to use in the access token request.
var client_id = pm.environment.get("CLIENT_ID");
var client_secret = pm.environment.get("CLIENT_SECRET");
var tenant = pm.environment.get("HOST")
var CryptoJS = require("crypto-js")
                                  
// Encrypt the Client ID and Secret in base64
var rawStr = CryptoJS.enc.Utf8.parse(client_id + ':' + client_secret)
var client_cred = CryptoJS.enc.Base64.stringify(rawStr)
                                  
// Now let's get a new oauth2 access_token and set it in a variable
pm.sendRequest({
     url: tenant + '/oauth2/v1/token',
     method: 'POST',
     header: {
          'Authorization': 'Basic ' + client_cred,
          'Cache-Control': 'no-cache',
          'Content-Type': 'application/x-www-form-urlencoded'
          },
     body: {
          mode: 'urlencoded',
          urlencoded: [
               {key: "grant_type", value: "client_credentials"},
               {key: "scope", value: "urn:opc:idm:__myscopes__"},
          ]
     }
}, function(err, response) {
     const jsonResponse = response.json();
     pm.environment.set("access_token", jsonResponse.access_token);
});

STEPS:

1. If you don’t have Postman already download it from https://www.getpostman.com/ and install.

2. Assuming you already have the “Oracle Identity Cloud Service REST Client Samples” collection imported, move your mouse arrow over the collection and an Ellipses (…) will show up, select it and then select Edit.

 

3. Select the Authorization tab, from the Type menu select Bearer Token, then in the Token field enter a variable “{{access_token}}”. The variable will be used in all the requests you send. I will explain later in the example Environment that comes with the Oracle collection has a variable “access_token” that works with this script.

4. Next select the Pre-request Scripts tab (There SHOULD NOT be any script in here already.), and copy and paste the Pre-request Script I gave you earlier. Again, this Pre-request script will execute first for every request you send in the collection. This script will be responsible for getting you a new Access Token each time you send a Postman request.  NOTE:  The variables in the Pre-request script “CLIENT_ID”, “CLIENT_SECRET”, and “HOST”, these are defined in your Postman Environment settings.  The “Oracle Identity Cloud Service REST Client Samples” collection you imported came with an example environment.  Be sure to modify these variable vales per your environment.

 

 

BONUS: I already mentioned the variables in the Pre-request script; i.e. {{CLIENT_ID}}, {{CLIENT_SECRET}}, and {{HOST}}, you can create several environments with these variables and then add the appropriate values per environment.  When you want to switch to another environment, just select a different environment and the Pre-request script will automatically get the proper values and therefore get a new access token for that chosen environment.

 

5. Now press the Update button to finish!

 

Testing our Pre-request script against Identity Cloud Service

Testing our script is pretty easy. Within the REST API for Oracle Identity Cloud Service collection select a very basic request like searching a user by a username, enter some value for the username you know exists in your IDCS tenant, then select the send button. As long as the environment in Postman you selected has all the right values and the request is correct, the request should go through and you should get a response.

If you have problems, click on the Postman Console button found in the bottom left (It’s a small icon as shown in the graphic below). This console outputs details on your request and response to make it easier to troubleshoot. In fact you can also add things like “console.log(“My access_token: “ + {{access_token}})” as an example to output things that will show up in the console for more troubleshooting.

Postman Console button

 

 

 

 

 

 

Summary

Hopefully this method of getting an OAuth2 access token automatically will be helpful. If you aren’t convinced yet, check out Part 2: Using Postman Runner with Identity Cloud Service and Part 3: Automate Requests against Identity Cloud Service  using Newman where I will build on this Pre-request script to developing a test collection and then automate all the requests in the collection to iterate through hundreds or even thousands of users from a CSV (Comma Separated Value) file to update, create, delete, etc. each user as an example. This is a very powerful bulk processing tool for non-developers to make it easier to work with Identity Cloud Service and leverage its REST APIs. The limits are only your imagination.

 

Add Your Comment