How to set up automated token retrieval in ADFS 3.0 using Postman
This guide is useful if you need Postman to generate a fresh access token automatically before every test batch run.
The process requires you to send two POST requests to get authenticated and retrieve an access token.
- The first request will receive a code.
- The second request will use the code to retrieve an access token.
Step-by-step guide
Before starting, you should have a client account set up in ADFS 3.0.
GET CODE
You need to have the following
- ADFS 3.0 server domain
- Windows username in the format ADF\USER1 and Password
Open Postman and set up a POST request to the authentication domain name.
The URIs passed as parameters in the URL need to be URL-encoded, which will result in you having https://assets.myflyinggorillas.co.uk/adfs/oauth2/authorize?response_type=code&client_id=localhost-postman-test&resource=https%3A%2F%2Fanimals.api.test.intranet.net&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback
Your URL will vary depending on the values for your setup.
In this example the domain name is https://assets.myflyinggorillas.co.uk and the query parameters are:
- response_type = code
- client_id = localhost-postman-test
- resource = https://animals.api.test.intranet.net (URI to be encoded)
- redirect_uri= https://www.getpostman.com/oauth2/callback (URI to be encoded)
Body tab:
This needs to have the ADFS (Windows) login details that you normally use for your machine or test: the Windows username in the format ADF\USER1 and the password.
The body should be in the format x-www-form-urlencoded, with the following keys:
- UserName
- Password
- AuthMethod
Interceptor
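Stop Postman/Interceptor from automatically following redirects, as shown below. The code is returned in the Location header of the 302 response, so the redirect must not be followed.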
Create Environment variable
Add an environment key for the code to be saved in (shown below).
Add an environment key for the token to be saved in as well.
The script which we will put in the Test tab will populate the field values on the right-hand side.
Test tab:
In the test tab, put the script below to extract the code from the response header.
When the code below runs, it should save the value of the code in the environment
Save Code in Environment variable
// Record whether the expected response headers are present.
tests["Content-Type is present"] = postman.getResponseHeader("Content-Type");
tests["Location is present"] = postman.getResponseHeader("Location");
var text = postman.getResponseHeader("Location");
// Take only the value of the code parameter, stopping at the next "&" or "#".
var match = text ? text.match(/[?&]code=([^&#]+)/) : null;
if (responseCode.code === 302 && match) {
    postman.setEnvironmentVariable("code", match[1]);
} else {
    console.log("Could not get code " + responseCode.code);
}
GET TOKEN
Send another POST request to
https://assets.myflyinggorillas.co.uk/adfs/oauth2/token
The body of the request should be in the format x-www-form-urlencoded
The following keys need to be set up.
- client_id
- redirect_uri
- grant_type
The code value, written in curly brackets (as shown below), will be picked up automatically from the environment variable saved in the previous step.
Use the script below to save the token in the environment variable, so that it can be called from other test steps.
// Only parse the body on success; an error response may not be the expected JSON.
if (responseCode.code === 200) {
    var data = JSON.parse(responseBody);
    // The token endpoint returns the token in the access_token field.
    postman.setEnvironmentVariable("token", data.access_token);
} else {
    console.log("Could not get token " + responseBody);
}
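The two parsing steps above, written as plain JavaScript functions with stricter checks on the redirect target, OAuth error responses and extra query parameters. This is an added example, not part of the original guide: the function names and sample values are constructed, and it assumes the token endpoint returns standard OAuth 2.0 JSON with an access_token field.

```javascript
// Added example (not from the original guide). Sample values are constructed.
const REDIRECT_URI = "https://www.getpostman.com/oauth2/callback"; // from the guide
const SAMPLE_LOCATION = REDIRECT_URI + "?code=abc%2B123&state=xyz"; // constructed
const SAMPLE_TOKEN_BODY = '{"access_token":"tok-1","token_type":"bearer","expires_in":3600}'; // constructed

// Split a query string into an object, URL-decoding keys and values.
function parseQuery(query) {
  const params = Object.create(null);
  for (const pair of query.split("&")) {
    if (!pair) continue;
    const eq = pair.indexOf("=");
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? "" : pair.slice(eq + 1).replace(/\+/g, " ");
    params[decodeURIComponent(key)] = decodeURIComponent(value);
  }
  return params;
}

// Step 1: take the authorization code from the 302 Location header.
function extractAuthCode(status, location, expectedRedirectUri) {
  if (status !== 302 || !location) {
    throw new Error("Expected a 302 with a Location header, got " + status);
  }
  const q = location.indexOf("?");
  const target = q === -1 ? location : location.slice(0, q);
  // Only trust a redirect that goes to the redirect_uri we asked for.
  if (target !== expectedRedirectUri) {
    throw new Error("Redirect went to an unexpected URI: " + target);
  }
  const query = q === -1 ? "" : location.slice(q + 1).split("#")[0];
  const params = parseQuery(query);
  if (params.error) throw new Error("Authorization failed: " + params.error);
  if (!params.code) throw new Error("No code parameter in Location header");
  return params.code;
}

// Step 2: read access_token from the token endpoint's JSON response.
function extractAccessToken(status, body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (e) {
    throw new Error("Token endpoint returned a non-JSON body, status " + status);
  }
  if (status !== 200 || !data || !data.access_token) {
    throw new Error("Could not get token: " + ((data && data.error) || status));
  }
  return data.access_token;
}
```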
Finally, if you get everything set up like I did, you should send the code request followed by the token request. Your code and token values should then be populated as shown below.
Well done!