Postman OAuth Code+PKCE

Hi,

I’ve successfully used Postman to update access tokens in the past, but it’s not working for me now, though I haven’t changed any of the settings. I click “Get New Access Token” in Postman and am redirected to the Auth0 login page. It appears to be successful, but then I’m redirected to Postman, which has the message: “Authentication Failed. Couldn’t complete Authentication. Check the postman console for more details.”

The Postman console shows a 401 Unauthorized response.

Auth0 logs are showing a successful login, but then a failed exchange.

Any suggestions for how to proceed?

Hi @alevinger,

Thanks for reaching out to the Auth0 Community!

I understand that you are experiencing the 401 Unauthorized error.

Firstly, have you gotten a chance to review our Add Login Using the Authorization Code Flow with PKCE documentation?

And could you please clarify if you were successful with logging in when calling the /authorize endpoint?

It would look something like the following:

https://{yourDomain}/authorize?
    response_type=code&
    code_challenge={codeChallenge}&
    code_challenge_method=S256&
    client_id={yourClientId}&
    redirect_uri={yourCallbackUrl}&
    scope={scope}&
    state={state}

After successfully logging in, you should get a code which you can use to exchange for an Access Token by calling the /oauth/token endpoint.

Please note that you will need to call the /authorize endpoint in a browser, and then you can use Postman to call the /oauth/token endpoint. This is because the /authorize endpoint requires user interaction; specifically, it requires the user to log in.

Once that is complete, you should get an Access Token for your application.

Please let me know how this goes for you.

Thanks,
Rueben
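
Added example, not part of the original posts or of Auth0's or Postman's code: a Python sketch of the two PKCE requests described above, showing how the `code_challenge` sent to /authorize is derived from the `code_verifier` later sent to /oauth/token, and the comparison an authorization server makes under RFC 7636. The function names and all sample values are hypothetical; the token request fields are the standard OAuth 2.0 Authorization Code with PKCE parameters.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    # 32 random bytes give a 43-character verifier (RFC 7636 allows 43 to 128).
    return b64url(secrets.token_bytes(32))


def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorize_url(domain, client_id, redirect_uri, scope, state, verifier):
    # Same parameters as the /authorize request shown in the reply above.
    query = urlencode({
        "response_type": "code",
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"https://{domain}/authorize?{query}"


def token_request_body(client_id, redirect_uri, code, verifier):
    # Form fields for the POST to https://{yourDomain}/oauth/token.
    # The verifier must be the one whose hash was sent to /authorize.
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code_verifier": verifier,
        "code": code,
        "redirect_uri": redirect_uri,
    }


def verifier_matches(verifier: str, challenge: str) -> bool:
    # Server-side comparison from RFC 7636 section 4.6, in constant time.
    return hmac.compare_digest(s256_challenge(verifier), challenge)
```

Comparing the `code_challenge` in the browser's /authorize URL with `s256_challenge()` of the verifier in the token request shows whether both requests belong to the same PKCE pair.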
