[英]How to login using SSO oauth 2.0 and then storing token to run all other API from postman automation script?
I am not able to automate postman script for this procedure:我无法为此过程自动化邮递员脚本:
Open postman then in authorization tab select type->OAuth 2.0, Add authorization data->Request Headers and Access token->Get Access Token Filled fields-Token Name, Grant Type->Authorization Code, Callback URL, Auth Url, Acess Token Url, client Id, Scope, State, Client Authentication->Send as basic Auth header then when request Token a pop up window opens for SSO enter image description here打开邮递员然后在授权选项卡中选择类型-> OAuth 2.0,添加授权数据-> 请求头和访问令牌-> 获取访问令牌填充字段-令牌名称、授予类型-> 授权代码、回调 URL、Auth Url、Acess Token Url , client Id, Scope, State, Client Authentication->Send as basic Auth header 然后当请求令牌时会打开一个弹出窗口供 SSO在此处输入图像描述
Then Manage Acess tokens pop up appears, then select Use Token button at the bottom, then running api url which now contain token in the Header tab->temperory headers.然后会弹出管理访问令牌,然后选择底部的使用令牌按钮,然后运行 api url,它现在在 Header 选项卡->temperory headers 中包含令牌。 How to automate this procedure with storing token in environment variables,then running rest of the API's with it.如何通过将令牌存储在环境变量中来自动执行此过程,然后使用它运行其余的 API。
I tried to access access_token from oauth 2.0 login by using Express and puppeteer.我尝试使用 Express 和 puppeteer 从 oauth 2.0 登录访问 access_token。
var express = require('express');
const puppeteer = require('puppeteer');
var app = express();
app.get('/', function(req, res) {
run().then(() => console.log('Done')).catch(error => console.log(error));
async function run(){
const browser = await puppeteer.launch({headless: false});
const page = await browser.newPage();
await page.goto('https://abcd.com/authorize?
audience=https://abcd.com&scope=openid%20email%20profile&client_id=abcd&response_type=token&redirect_uri=https://abcd.com/callback');
await new Promise(resolve => setTimeout(resolve, 5000));
await page.focus('#email');
await page.keyboard.type('abcd@gmail.com');
await page.focus('#password');
await page.keyboard.type('efghi');
const waitForLoad = new Promise(resolve => page.on('load', () => resolve()));
await page.evaluate(() => {
document.querySelector('span[class="label"]').click();
});
await waitForLoad;
console.log('Waiting to be redirected to the client.');
const clientUrl = await page.evaluate(() => window.location.href);
//1st the split is from when it encounters = in the url
var split1 = clientUrl.split('=');
//2nd split is when it encounters & in the 2nd object of the array
var split2 = split1[1].split('&');
//taking array in an object and conversing it to json
var obj = {
access_token: split2[0]
}
await browser.close();
res.send(obj);
};
});
app.listen(8000, function(){
console.log('Heard on 8000');
});
This can be run on postman to run other api with the received access token.这可以在邮递员上运行以使用收到的访问令牌运行其他 api。
Using refresh token This can also be achieved in less time Get refresh token by API https://{{auth0_domain}}/oauth/token BODY-使用刷新令牌 这也可以在更短的时间内通过 API 获取刷新令牌 https://{{auth0_domain}}/oauth/token BODY-
grant_type:password
client_id:abcdefghijklmn
audience:https://abcd.com
username:abcd
password:efgh
scope:openid profile email offline_access
In Response will generate Refresh Token, this token then can be used in getting accesss_token without again generating refresh token in future.在 Response 中会生成 Refresh Token,此令牌可用于获取 accesss_token ,而无需再次生成刷新令牌。 It's a one time process only and it doesn't get expired in a day or a week or a month.这只是一个一次性过程,不会在一天、一周或一个月内过期。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.