I have a request URL with this format
https://[myqasote].auth0.com/authorize?audience=[myaudience]&scope=API&response_type=code&client_id=[myclientid]&redirect_uri=https://www.getpostman.com/oauth2/callback&prompt=none
Now my response or result that i receive is
Found. Redirecting to https://www.getpostman.com/oauth2/callback?error=login_required&error_description=Login%20required
I’m not sure what is the problem. Is my Response URL incorrect?
Can you explain what you’re trying to achieve (i.e. why using prompt=none for example).
Without additional context: as the error message states, the user needs to authenticate first, so there’s probably no valid user session existing.
Did you search the forum for “Login Required”, because iirc this came up a lot before.
Hi Mathias,
I am doing the first step on authorization code flow. the GET on /authorize. Also, to get the code from the callback URL, i need to use prompt=none.
Ok, so if you got the code already, the last thing to do would be to call the /token endpoint, (not /authorize).
https://auth0.com/docs/api/authentication#authorization-code-flow45
Note that we also have Postman collections available:
Postman Collection:
https://app.getpostman.com/run-collection/2a9bc47495ab00cda178
Docs:
https://auth0.com/docs/api/authentication#code-samples
Hi Mathias,
No. i did not get the code because this is the result i’m getting on my GET /authorize
it is saying
Redirecting to https://www.getpostman.com/oauth2/callback?error=**login_required**&error_description=**Login%20required**
I was expecting https://www.getpostman.com/oauth2/callback?code=[SOMETHING CODE]
Are you keep using prompt=none?
If so, is there an existing user session at Auth0 from a previous call? It’s not clear to me why you’d be using prompt=none , in case you do so.
It will be easier for me to get the code if i use prompt = none. If i did not use prompt = none, the result will be like this. I cannot get the ‘code’.
I cannot get the ‘code’.
Why can’t you get the code? You just need to get Postman to open that /login redirect URL that you’re showing in the code (not sure if it’s possible in Postman). Wondering though, why are you using Postman in the first place (and not a browser / regular application)?
If you just need to quickly fetch an access token for testing purposes in Postman, you could as well just use the ROPG / Resource Owner Password Grant. Would be much easier (though note: just for testing purposes, otherwise not recommended over Authorization Code Grant).
In any case, prompt=none won’t work if there isn’t an active session of a user already, and if you can’t do any kind of user interaction.
