Using Postman to access OAuth 2.0 Google APIs

oauth-2.0 google-api google-api-client postman google-oauth

188,022

Solution 1

Postman will query Google API impersonating a Web Application

Generate an OAuth 2.0 token:

Ensure that the Google APIs are enabled
Create an OAuth 2.0 client ID
- Go to Google Console -> API -> OAuth consent screen
  - Add getpostman.com to the Authorized domains. Click Save.
- Go to Google Console -> API -> Credentials
  - Click 'Create credentials' -> OAuth client ID -> Web application
    - Name: 'getpostman'
    - Authorized redirect URIs: https://www.getpostman.com/oauth2/callback
- Copy the generated Client ID and Client secret fields for later use
In Postman select Authorization tab and select "OAuth 2.0" type. Click 'Get New Access Token'
- Fill the GET NEW ACCESS TOKEN form as following
  - Token Name: 'Google OAuth getpostman'
  - Grant Type: 'Authorization Code'
  - Callback URL: https://www.getpostman.com/oauth2/callback
  - Auth URL: https://accounts.google.com/o/oauth2/auth
  - Access Token URL: https://accounts.google.com/o/oauth2/token
  - Client ID: Client ID generated in the step 2 (e.g., '123456789012-abracadabra1234546789blablabla12.apps.googleusercontent.com')
  - Client Secret: Client secret generated in the step 2 (e.g., 'ABRACADABRAus1ZMGHvq9R-L')
  - Scope: see the Google docs for the required OAuth scope (e.g., https://www.googleapis.com/auth/cloud-platform)
  - State: Empty
  - Client Authentication: "Send as Basic Auth header"
- Click 'Request Token' and 'Use Token'
Set the method, parameters, and body of your request according to the Google docs

Solution 2

The best way I found so far is to go to the Oauth playground here: https://developers.google.com/oauthplayground/

Select the relevant google api category, and then select the scope inside that category in the UI.
Get the authorization code by clicking "authorize API" blue button. Exchange authorization code for token by clicking the blue button.
Store the OAuth2 token and use it as shown below.

In the HTTP header for the REST API request, add: "Authorization: Bearer ". Here, Authorization is the key, and "Bearer ". For example: "Authorization: Bearer za29.KluqA3vRtZChWfJDabcdefghijklmnopqrstuvwxyz6nAZ0y6ElzDT3yH3MT5"

Solution 3

The current answer is outdated. Here's the up-to-date flow:

The approach outlined here still works (5th March, 2022) as confirmed by SauerTrout)

We will use the YouTube Data API for our example. Make changes accordingly.

Make sure you have enabled your desired API for your project.

Create the OAuth 2.0 Client

Visit https://console.cloud.google.com/apis/credentials
Click on CREATE CREDENTIALS
Select OAuth client ID
For Application Type choose Web Application
Add a name
Add following URI for Authorized redirect URIs

https://oauth.pstmn.io/v1/callback

Click Save
Click on the OAuth client you just generated
In the Topbar click on DOWNLOAD JSON and save the file somewhere on your machine.

We will use the file later to authenticate Postman.

Authorize Postman via OAuth 2.0 Client

In the Auth tab under TYPE choose OAuth 2.0
For values under Configuration Options enter the values found inside the client_secret_[YourClientID].json file we downloaded in step 9
Click on Get New Access Token
Make sure your settings are as follows:

Click here to see the settings

(In addition, multiple scope can be as follows, space-delimited: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile")

Click on Request Token
A new browser tab/window will open
Once the browser tab opens, login via the appropriate Google account
Accept the consent screen
Done

Ignore the browser message "Not safe" etc. This will be shown until your app has been screened by Google officials. In this case it will always be shown since Postman is the app.

Solution 4

go to https://console.developers.google.com/apis/credentials
create web application credentials.

Postman API Access

use these settings with oauth2 in Postman:
- Auth URL = https://accounts.google.com/o/oauth2/auth
- Access Token URL = https://accounts.google.com/o/oauth2/token
  1. Choose Scope for the HTTP API
  2. Generate Token
  3. to add Schema use:

SCOPE = https: //www.googleapis.com/auth/admin.directory.userschema

post https: //www.googleapis.com/admin/directory/v1/customer/customer-id/schemas

{
  "fields": [
    {
      "fieldName": "role",
      "fieldType": "STRING",
      "multiValued": true,
      "readAccessType": "ADMINS_AND_SELF"
    }
  ],
  "schemaName": "SAML"
}

to patch user use:

SCOPE = https://www.googleapis.com/auth/admin.directory.user

PATCH https://www.googleapis.com/admin/directory/v1/users/[email protected]

 {
  "customSchemas": {
     "SAML": {
       "role": [
         {
          "value": "arn:aws:iam::123456789123:role/Admin,arn:aws:iam::123456789123:saml-provider/GoogleApps",
          "customType": "Admin"
         }
       ]
     }
   }
}

Solution 5

I figured out that I was not generating Credentials for the right app type.
If you're using Postman to test Google oAuth 2 APIs, select
Credentials -> Add credentials -> OAuth2.0 client ID -> Web Application.

View more solutions

188,022

Author by

Sai

Updated on December 28, 2021

Comments

Sai over 2 years
I am trying to access Proximity Google API using Postman chrome app. I have followed tutorials on postman and google dev website but I'm still getting 401 error message.

What am I doing?
- Step 1 - Enable Proximity API:
In order to use Proximity API, it has to be first enabled in Google Dev console. Using this tutorial I have enabled support for Proximity API for my project
- Step 2 - Get the credentials:
According to this tutorial, I need to get client ID and secret. This is where I am confused. Credentials->Add credentials->OAuth2.0 client ID->select Chrome App radio button (since I am using Postman)->enter last part of Postman's Chrome Web store URL [which is fhbjgbiflinjbdggehcddcbncdddomop]->hit create button These steps will only generate a client ID, not a secret..am I doing something wrong?

From the Google Dev console, one can download an JSON file which has client id, auth URI and Token URI

I downloaded this but this is of little help if I am using Postman. I am guessing this JSON file is something that can be included in a JS application.
- Step 3 - Use Postman to test the API
What am I getting?

And, once I click on the debug URL, I see the following screen
manasouza almost 6 years

This workflow resolved my problem! Just to complement the explanation, after "Exchange authorization code for token" I copied the value at "Access token" field and used it as Authorization Bearer on Postman
Henadzi Rabkin over 5 years

More thoroughly explained than by Google's employees :)
ptim about 5 years

If using the Insomnia client, then both the Authorized Domain and Redirect URI are https://insomnia.rest Ref: support.insomnia.rest/article/38-authentication
LMG almost 5 years

This seemed to work until I get to the next issue which seems to be related to postman not supporting google 2FA authentication. Here is the message: "An application is requesting permission to access your Google Account." Any idea?
LeCodex almost 5 years

Impeccable answer. Thank you very much !
stansult about 4 years

I get “This browser or app may not be secure” result
Lev about 4 years

This flow does not work anymore: Google forbids authentication outside of main browsers. Postman team says they're working on "Authorize using browser" feature - github.com/postmanlabs/postman-app-support/issues/7700
Ryan Ellis about 4 years

Can absolutely verify this works with a g suite tenant. Only thing that could be better is how to automatically refresh the token ... my google api scrapes take well over an hour (the token lifetime)
BitfulByte about 4 years

I was able to get a token and use it, however when sending a request it returns with a response from google asking me to select which account to proceed with? The preview mode is not responding to any input. I have only one account... (using PostmanRuntime/7.24.1)
Vipertecpro over 3 years

Please marked this as correct answer <3 Thx alot brother....very well explained
Nam G VU over 3 years

Found similar guide with snapshot here
nofinator over 3 years

If you get an error for Scope, you can find a list of all the values here.
alexwhan over 3 years

How does this have no votes two years later. It is the only solution that still works
Zenahr over 3 years

Updated the post to reflect your confirmation that it still works.
Cyril Duchon-Doris about 3 years

Also note that scopes are separated by a regular whitespace in case you need to require multiple scopes. Like https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.userschema
Fadils almost 3 years

If you get the “This browser or app may not be secure” result, then please checkmark the "authorize using browser" tickbox, as explained by team postman themselves in github.com/postmanlabs/postman-app-support/issues/7700
Jackpile over 2 years

Login good, request youtube.googleapis.com/youtube/v3/channels, fails with: { "error": { "code": 403, "message": "The caller does not have permission", "errors": [ { "domain": "youtube.api.CommonRequestError", "reason": "ERROR_MISSING_SCOPE" } ], "status": "PERMISSION_DENIED" } }
mazend over 2 years

I confirmed that it works now too.
SauerTrout about 2 years

March 5, 2022 works perfectly! EDIT I would only add that for adding comments and other higher-permissions tasks, youtube.force-ssl is an appropriate scope.
user3447228 about 2 years

The callback URL you add to google console should be oauth.pstmn.io/v1/browser-callback
jim rothstein almost 2 years

Confirming @user3447228 that callback URL oauth.pstmn.io/v1/browser-callback works.