Postman - 如何在 Postman 中调用使用“使用 Google 登录”的 API 端点

Question

I have an express app that uses express-openid-connect to authenticate requests via Google OIDC. It works fine and behaves as expected. If I do not have a current session, then accessing any route in a browser will redirect to a Google login page. Subsequent requests on any route will use the session cookie and will not redirect. All's well.

I want to call one of the routes defined in the app via Postman. To do that I would expect to need to login to create a session and get a cookie. If I grab the cookie from a browser session and manually edit the cookie in Postman to include the cookie contents then it works and I can call the endpoint from Postman. I'd like to avoid having to do this since it's so clunky and manual.

I cannot find anything that says how to call an API endpoint that requires Google auth, in Postman. Everything I can find about Postman and Google auth, OIDC, etc. is about getting access tokens that the app can use to subsequently access other APIs. This is not what I'm doing. I just need to use Postman to call an endpoint that requires Google auth.

Is this possible in Postman?

Answer 1

It is not easy steps but I try it step by step.

Postman can do Authorization Code Grant without programming

Two parts Setting

1 Google Project Setting

• Redirect URI, Client ID and Client Secret

2 Postman Get Token Settings

• Grant Type, Callback URL, Auth URL, Token URL, Client ID, Client Secret, Scope

After Setting # 1

After Setting # 2

#1's 2,3 should be match #2's 2,3

if click Get New Access Token , then get the google login screen

Next will show OAuth consent screen

if click the Allow button, get the access

This is example of GET use information call with token.

https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=youraccess_token

Detail Steps for Setting #1

1 Go Google Develop Console

https://console.cloud.google.com/products

2 Search new project

3 Create New project

4 Create Credential

select OAuth Client ID

Click Config Consent Screen

Select External User Type, Click Create button

5 Edit App Registration

app-name, user support email, developer e-mail then click save and continue

Add Scope - important You can add your want to access item by adding scopes

I added simple scope to get user info

https://www.googleapis.com/auth/userinfo.email

Then click save and continue

Add Test User get the summary screen

6 Create Client ID Use Authorized redirect URI this for Postman

https://www.getpostman.com/oauth2/callback

Then google will create credential (Client ID and Secret)

Detail Steps for Setting #2

In Postman, Select Authorization Tab, select type is OAuth 2.0

2 (Client ID),3 (Client Secret) use Setting #1's credential

4 Grant Type is Authorization Code

5 Callback URL

https://www.getpostman.com/oauth2/callback

6 Auth URL

https://accounts.google.com/o/oauth2/v2/auth

7 Access Token URL

https://oauth2.googleapis.com/token

8 Scope

https://www.googleapis.com/auth/userinfo.email

Then Click New Access Token Login screen will comes as upper images

That is it, I hope to follow all steps, to figure out an Authorization Code flow by Postman.