I am attempting to use Postman to get an access token on behalf of a test user. So I can run automation against APIs secured by OIDC/Auth0.
My applications are all configured correctly and I can use OIDC with Auth0 to AuthN/AuthZ with my front end, and the tokens get passed correctly to my APIs and are validated fine.
My goal is to be able to generate the token on behalf of a user so that I can call protected API resources.
I am using the following code in my pre-request-script in postman.
setAuth0JWT();
function setAuth0JWT() {
// fill local vars from Postman environment
var domain = pm.environment.get("oauth-domain");
var client_id = pm.environment.get("oauth-client_id");
var client_secret = pm.environment.get("oauth-client_secret");
var audience = pm.environment.get("oauth-audience");
var username = pm.environment.get("oauth-username");
var password = pm.environment.get("oauth-password");
// load request object
var req = {
url: "https://" + domain + "/oauth/token",
method: "POST",
header: {
"accept": "application/json",
"content-type": "application/x-www-form-urlencoded"
},
body: {
mode: 'formdata',
formdata:
[
{key: "grant_type", value: "password"},
{key: "username", value: username},
{key: "password", value: password},
{key: "audience", value: audience},
{key: "scope", value: "profile"},
{key: "client_id", value: client_id},
{key: "client_secret", value: client_secret}
]
}
};
// execute request for JWT, store token, set header
pm.sendRequest(req, function (err, res) {
pm.environment.set("bearer-token", res.json().access_token);
});
}
All I get back is {"error":"access_denied","error_description":"Unauthorized"}
so I have no idea what the issue is.
How do I even begin to debug this?