How to login using SSO oauth 2.0 and then storing token to run all other API from postman automation script?

0
votes

I am not able to automate postman script for this procedure:

  1. Open postman then in authorization tab select type->OAuth 2.0, Add authorization data->Request Headers and Access token->Get Access Token Filled fields-Token Name, Grant Type->Authorization Code, Callback URL, Auth Url, Acess Token Url, client Id, Scope, State, Client Authentication->Send as basic Auth header then when request Token a pop up window opens for SSO enter image description here

  2. Then Manage Acess tokens pop up appears, then select Use Token button at the bottom, then running api url which now contain token in the Header tab->temperory headers. How to automate this procedure with storing token in environment variables,then running rest of the API's with it.

2
javascriptoauth-2.0automated-testssingle-sign-onpostman-pre-request-script

2 Answers

0
votes

I tried to access access_token from oauth 2.0 login by using Express and puppeteer.

var express = require('express');
const puppeteer = require('puppeteer');
var app = express();
app.get('/', function(req, res) {
    run().then(() => console.log('Done')).catch(error => console.log(error));
    async function run(){
        const browser = await puppeteer.launch({headless: false});
        const page = await browser.newPage();
        await page.goto('https://abcd.com/authorize? 
audience=https://abcd.com&scope=openid%20email%20profile&client_id=abcd&response_type=token&redirect_uri=https://abcd.com/callback');
await new Promise(resolve => setTimeout(resolve, 5000));
    await page.focus('#email');
    await page.keyboard.type('[email protected]');
    await page.focus('#password');
    await page.keyboard.type('efghi');
    const waitForLoad = new Promise(resolve => page.on('load', () => resolve()));
    await page.evaluate(() => {
        document.querySelector('span[class="label"]').click();
    });
    await waitForLoad;
    console.log('Waiting to be redirected to the client.');
    const clientUrl = await page.evaluate(() => window.location.href);
        //1st the split is from when it encounters = in the url
    var split1 = clientUrl.split('=');
    //2nd split is when it encounters & in the 2nd object of the array
    var split2 = split1[1].split('&');
    //taking array in an object and conversing it to json
    var obj = {
      access_token: split2[0]
    }
    await browser.close();
    res.send(obj);
  };
});
app.listen(8000, function(){
    console.log('Heard on 8000');
});

This can be run on postman to run other api with the received access token.

0
votes

Using refresh token This can also be achieved in less time Get refresh token by API https://{{auth0_domain}}/oauth/token BODY- 

grant_type:password      
client_id:abcdefghijklmn
audience:https://abcd.com
username:abcd
password:efgh
scope:openid profile email offline_access

In Response will generate Refresh Token, this token then can be used in getting accesss_token without again generating refresh token in future. It's a one time process only and it doesn't get expired in a day or a week or a month.