如何在没有前端的情况下使用 Postman 在 Node.js Express 后端服务器上测试 Passport JS Google OAuth

Question

I am trying to implement google Oauth into a backend application I am creating for a food delivery app I am building. I have already implemented cookies and auth with passportJS which is working great and was super easy to test with Postman.

I am now trying to implement google Oauth but have no idea how I am supposed to specify the path the request comes from or how to get postman to send a response to my server to confirm login success or failure nor how to get it to redirect me to a google window where I can login my test user. I really don't want to have to build out the entire login section of my frontend just to test google OAuth and there seems to be no tutorial on how to test this functionality of your Node API with Postman.

The frontend I will eventually build will be in ReactJS.

Any explanation or direction to a tutorial that explains this would be massively appreciated.

Answer 1

To use OAuth 2.0:

1. In the Authorization tab for a request, select OAuth 2.0 from the Type dropdown list. Specify if you want pass the auth details in the request URL or headers.

2. By default Postman will append the access token to Bearer in the Authorization header for your request, but if your server implementation requires a different prefix, you can specify it in the Header Prefix field.

3. To request an access token, fill out the fields in the Configure New Token section, and select Get New Access Token. You can save both the token and the details to generate a token with your request or collection.

4. Once you have a token value generated and added, it will appear in the request Headers.

5. Enter the details for your client application, and any auth details from the service provider. This allows you to replicate your application auth flow inside Postman in order to test authenticated requests.

6. You can share token credentials with your team by selecting the sync token icon Syncing icon next to an available token. By default Postman won't sync your token in case you don't want to share it.

7. Postman will prompt you to supply specific details depending on the OAuth 2.0 grant type, which can be Authorization code, Implicit, Password credentials, or Client credentials.

Note:

1. Use https://oauth.pstmn.io/v1/browser-callback for callback url. (once user initiates oauth, postman will open url in new browser window. Once authorizaiton is completed, it will hit this url)
2. Postman can save autorizaition code from above call back url to get refresh token and access token. (with this, postman can issue new access tokens for you to use)