Auth0 PKCE Postman test automation

Hi everyone,
I’m trying to automate some API tests with Postman.
The APIs are secured by Auth0 and we’re connecting with a mobile app (Authorization Code flow + PKCE).
I see that Postman now has a feature to support PKCE, but it seems the token I get back is not a properly formed bearer token.

Some example below.

image


Hi @eugenio.favalli

You’re getting an opaque access token most likely because you’re not including an audience in the authorize request. You can configure a custom API in the Auth0 dashboard and then use its identifier in the authorize request, as the audience.

You can try changing your Auth URL to something like:

https://{{auth0Domain}}/authorize?audience=YOUR_API_IDENTIFIER

You can also read more about opaque and JWT access tokens here:

https://auth0.com/docs/tokens/access-tokens/get-access-tokens#control-access-token-audience

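As an added illustration that is not part of the original posts, the JavaScript below builds the authorize request with the `audience` parameter next to the PKCE parameters and checks whether the access token that comes back is an opaque string or a JWT issued for the expected API. The function names, the `example.test` hosts and the sample tokens are constructed for this example.

```javascript
// Added example: every host, ID and token here is a constructed placeholder.
function buildAuthorizeUrl({ domain, clientId, redirectUri, audience, scope, state, codeChallenge }) {
  const url = new URL(`https://${domain}/authorize`);
  const params = {
    audience,                        // API identifier; omit it and the token is most likely opaque
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
    code_challenge: codeChallenge,   // BASE64URL(SHA-256(code_verifier)), RFC 7636
    code_challenge_method: 'S256',
  };
  for (const [key, value] of Object.entries(params)) {
    if (value !== undefined) url.searchParams.set(key, value);
  }
  return url.toString();
}

// Shape check for a test script. It does NOT verify the signature, so it is
// not a substitute for the token validation the API itself performs.
function inspectAccessToken(token, expectedAudience) {
  const parts = token.split('.');
  if (parts.length !== 3) return { format: 'opaque', audienceOk: false };
  try {
    const [header, claims] = parts.slice(0, 2)
      .map((part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8')));
    if (typeof header.alg !== 'string') return { format: 'opaque', audienceOk: false };
    const aud = [].concat(claims.aud ?? []);   // "aud" may be a string or an array
    return { format: 'jwt', alg: header.alg, audienceOk: aud.includes(expectedAudience) };
  } catch {
    return { format: 'opaque', audienceOk: false };
  }
}

// Constructed sample tokens: an unsigned JWT-shaped string and an opaque one.
const encodePart = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const API_ID = 'https://api.example.test/';
const sampleJwt = [
  encodePart({ alg: 'RS256', typ: 'JWT' }),
  encodePart({ iss: 'https://tenant.example.test/', aud: [API_ID, 'https://tenant.example.test/userinfo'] }),
  'constructed-signature',
].join('.');
const sampleOpaque = 'kR3xConstructedOpaqueTokenValue1';
```
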

Indeed adding the audience as the first parameter of the authorize request did the trick.
I also realized that myself, thanks anyway :)

The same trick doesn’t work on the client credentials flow though. I still need to specify the audience, but in a POST request now, and Postman doesn’t seem to allow that.
