Securing an access token with authorization code (with PKCE) grant type

About this task

This section explains how to secure the get access token calls using Postman.

Procedure

  1. In Postman, under the Authorization tab, select the authorization type as OAuth 2.0 from the TYPE menu.
  2. Provide the following information.
    1. In the Configure New Token section, select the grant type as Authorization Code (With PKCE).
    2. Type the redirect URL as https://oauth.pstmn.io/v1/callback in the Callback URL text box.
    3. Select the Authorize using browser check box.
    4. Type the authorization URL as http(s)://hostname/invoke/pub.apigateway.oauth2/authorize in the Auth URL text box.
    5. Type the access token URL as http://hostname/invoke/pub.apigateway.oauth2/getAccessToken in the Access Token URL text box.
    6. Type the client ID and client secret in the Client ID and Client Secret text boxes respectively.
      Note: You can get the client ID and client secret from the Authentication tab of the Application screen.
    7. From the Code Challenge Method list, select the hashing method used to generate the code challenge.
    8. Specify the OAuth scope that you have created for the local authorization server in Step 1 in the Scope text box.
    9. Select the client authentication as Send client credentials in body.
    10. Click Get New Access Token.
    11. Click Approve. The MANAGE ACCESS TOKENS pop-up window displays the access token.