How to setup automated token retrieval in ADFS 3.0 using Postman

This guide is useful if you would need to automatically generate tokens for use in Postman and this has to be generated automatically before every test batch run.

The process requires you send two POST requests to get authenticated and retrieve an access token.

• The first request will receive a code.
• The second request will receive use the code to retrieve an access token

Step-by-step guide

Before this setup, you should have a client account setup in ADFS 3.0

GET CODE

You need to have the following

• ADFS 3.0 server domain
• Windows username in the format ADF\USER1 and Password

Open postman and setup a POST request to the authentication domain name

e.g https://assets.myflyinggorillas.co.uk/adfs/oauth2/authorize?response_type=code&client_id=localhost-postman-test&resource=https://animals.api.test.intranet.net&redirect_uri=https://www.getpostman.com/oauth2/callback

This URI in the URL will need to be encoded, which will result in you having https://assets.myflyinggorillas.co.uk/adfs/oauth2/authorize?response_type=code&client_id=localhost-postman-test&resource=https%3A%2F%2Fanimals.api.test.intranet.net&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback

Your URL will vary depending on the content relative to your setup

in this example the domain name the is https://assets.myflyinggorillas.co.uk

• response_type = code
• client_id = localhost-postman-test
• resources= https://animals.api.test.intranet.net (URI to be encoded)
• redirect_uri= https://www.getpostman.com/oauth2/callback (URI to be encoded)

Body tab:

This needs to have your ADFS (windows) login details that you normally use for your machine or test — Windows username in the format ADF\USER1 and Password

This should be in the format x-www-form-urlencoded

• UserName
• Password
• AuthMethod

postman snapshot

Interceptor

Stop postman/interceptor from automatically following redirects as shown below

Create Environment variable

Add an environment key for the code to be saved in the environment variable (shown below)

Add an environment key for the token to be saved as well

The code which we will put in the test test will populate the field values on the right hand side.

Test tab:

In the test tab, put the script below to extract the code from the response header.

When the code below runs, it should save the value of the code in the environment

Save Code in Environment variable

tests["Content-Type is present"] = postman.getResponseHeader("Content-Type");
tests["Location is present"] = postman.getResponseHeader("Location");
var text = postman.getResponseHeader("Location");
if(text){
var arr = text.split('=');
var code = arr[1];
}
if(responseCode.code === 302){
postman.setEnvironmentVariable("code", code);
}
else(console.log("Could not get code" + responseCode.code));

GET TOKEN

Send another POST request to

https://assets.myflyinggorillas.co.uk/adfs/oauth2/token

The body of the request should be in the format x-www-form-urlencoded

The following keys need to be set up.

• client_id
• redirect_uri
• grant_type

code in curly brackets(as shown below),will be automatically picked up form the environment variables saved from the previous step.

use the code below to save the token in the environment variable and this can be called for other test steps

var data = JSON.parse(responseBody);
if(responseCode.code === 200){
 postman.setEnvironmentVariable("token", data.token);   
}
else(console.log("Could not get token" + responseBody));

Finally if you get everything setup like i did, you should send request code followed by request token. Then your code and token values should be populated as shown below.

Well done!