Using Postman to test web app secured by Auth0

Hey there!
We have a web application, and we are using Auth0 to grant access to our users. From the Auth0 dashboard I created a regular web application and did all the required configuration (our web app is a J2EE application), and everything is working fine. Users log in using the Universal Login page by entering their email and password.
Here is the issue now: we started creating some web services in our application that will be consumed later by a mobile app. When I try to test these web services using Postman, it’s not working; it always returns the login page in the response body, despite the fact that I’m adding to Postman the required configuration to obtain a token, as shown below.
Am I missing something in my configuration?
Thanks

Hi @yassineferjani,

Thanks for reaching out to the Auth0 Community!

After taking a closer look at your screenshot, I noticed that you are calling the Authorization Code grant type in your request. This will redirect the user to the login page to prompt them for their credentials.

In the authorization code flow, you must exchange the code that is returned from the /authorize endpoint to get an access token.

For example:

https://{yourDomain}/authorize?
    response_type=code&
    client_id={yourClientId}&
    redirect_uri={https://yourApp/callback}&
    scope={scope}&
    state={state}

Response:

HTTP/1.1 302 Found
Location: {https://yourApp/callback}?code={authorizationCode}&state=xyzABC123

Then, you can take this code and pass it to the /oauth/token endpoint to get an access token.

curl --request POST \
  --url 'https://{yourDomain}/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data 'client_id={yourClientId}' \
  --data 'client_secret={yourClientSecret}' \
  --data 'code={yourAuthorizationCode}' \
  --data 'redirect_uri={https://yourApp/callback}'

For more information, please check out our Add Login Using the Authorization Code Flow documentation.

Please let me know how this goes for you.

Thanks,
Rueben
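
The flow from the answer above, as an added example (not part of the thread and not Auth0's code): it builds the /authorize URL with a random state, accepts the callback only if the returned state matches, and prepares the /oauth/token form body. The domain, client ID, callback URL, secret and function names are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values (assumptions, not taken from the thread).
DOMAIN = "tenant.example.auth0.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://app.example.com/callback"


def build_authorize_url(scope="openid profile"):
    """Step 1: URL the browser opens. Returns (url, state); keep state in the session."""
    state = secrets.token_urlsafe(32)  # unguessable, tied to this login attempt
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": scope, "state": state})
    return f"https://{DOMAIN}/authorize?{query}", state


def code_from_callback(callback_url, expected_state):
    """Step 2: read the callback URL; reject it unless state matches the session value."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def token_request(code, client_secret):
    """Step 3: (url, form body) for the POST to /oauth/token, same fields as the curl call."""
    body = urlencode({"grant_type": "authorization_code", "client_id": CLIENT_ID,
                      "client_secret": client_secret, "code": code,
                      "redirect_uri": REDIRECT_URI})
    return f"https://{DOMAIN}/oauth/token", body


if __name__ == "__main__":
    url, state = build_authorize_url()
    # Constructed callback, standing in for the 302 Location sent after login.
    callback = f"{REDIRECT_URI}?code=CONSTRUCTED_CODE&state={state}"
    print(token_request(code_from_callback(callback, state), "EXAMPLE_SECRET"))
```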

Thanks @rueben.tiow for answering

When I call this URL after setting the right params
https://{yourDomain}/authorize?
response_type=code&
client_id={yourClientId}&
redirect_uri={https://yourApp/callback}&
scope={scope}&
state={state}

In fact I’m not getting HTTP/1.1 302 Found; I’m getting 200 OK and the Auth0 login page instead.

Looks like I’m missing something in my configuration…

Hi @yassineferjani,

Thank you for your response.

That is correct. The user must enter their credentials on the login page, and if they are correct, the user is redirected to your callback URL (the same as the redirect_uri of the request) with the code, which you can exchange at the /oauth/token endpoint for an access token.

Alternatively, there is the option to use the Resource Owner Password Flow, which may be what you’re looking for.

Could you please give it a try and let me know how it goes for you?

Thanks,
Rueben

Thanks @rueben.tiow, the workflow you describe is working fine now 🙂 There was something missing on my side (in my application code).
Now I’m able to get the token and use it to call my web services.
Thank you
