postmanlabs / postman-app-support

Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
https://www.postman.com

Unable to Obtain OAuth Access Code #8051

Closed danchirillo closed 4 years ago

danchirillo commented 4 years ago

App information

The Issue

Unable to use Postman to retrieve an OAuth access token. As far as I can tell from the Postman log, Postman is refusing to follow the redirect because it doesn't match the registered callback URL. The only difference that I see is URL encoding of that URL. (See Postman logs below.)

To Reproduce

  1. Request access token using Postman UI (Get New Access Token)

    The Access Token Request image

Expected Behavior

Postman directs to Authorization URL and then back to the Postman callback URL with an access code.

Note: When I use a browser to request the access code by using the following URL: https://datapower.192.168.13.10.nip.io/pd/sandbox/datapower/oauth2/authorize?response_type=code&client_id=d0189df3de1e32e9ebea9cd7003ef9ac&scope=scope_1&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback

The redirect to the authorization URL works: image

As well as the redirect -- after authorization -- back to the Postman callback URL with the authorization code: image

Actual Behavior in Postman

image

Postman Log


```
[23652][1581515931006][main][info]["OAuth2WindowManager~startLoginWith - Opening auth login window","https://datapower.192.168.13.10.nip.io/pd/sandbox/datapower/oauth2/authorize?response_type=code&state=&client_id=d0189df3de1e32e9ebea9cd7003ef9ac&scope=scope_1&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback"]
[23652][1581515931034][main][info]["OAuth2WindowManager~certificate-error:","net::ERR_CERT_AUTHORITY_INVALID","https://datapower.192.168.13.10.nip.io"]
[23652][1581515931271][main][info]["OAuth2WindowManager~did-navigate:","https://datapower.192.168.13.10.nip.io"]
[23652][1581515931271][main][info]["OAuth2WindowManager~startLoginWith - Received redirect on auth login window"]
[23652][1581515931272][main][info]["OAuth2WindowManager~startLoginWith - URL did not match the registered callbackURL, so skipping"]
```

kevinswiber commented 4 years ago

This appears to be an issue with the authentication popup as a result of receiving a WWW-Authenticate header. I know Electron-based apps have had issues with this in the past. This can now be intercepted with the login event, though a custom dialog would have to be crafted. https://www.electronjs.org/docs/api/app#event-login

vikiCoder commented 4 years ago

Hi @danchirillo,

As @kevinswiber said, it is because of the WWW-Authenticate header in the authorization chain, which Electron does not handle by default. We have identified the problem and will start working on a fix. Not promising any dates for the fix though. Will update here when it is fixed.

vikiCoder commented 4 years ago

Hi,

We've added an option in OAuth2 that allows you to authenticate using your system's default browser while generating an OAuth 2.0 token. That should solve the problem. Check out my comment on a similar issue for more details. Feel free to reopen the issue if the problem still persists.
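
A triage sketch for the log in the original report, added here as an example and not taken from Postman or from anyone in the thread: it parses the posted lines, percent-decodes the `redirect_uri` that was sent, and checks whether any navigation ever reached the callback. The function names and the origin-plus-path comparison in `sameEndpoint` are assumptions; Postman's own matching rule is not shown on the page.

```javascript
// Log lines copied from the report above; REGISTERED_CALLBACK is the callback URL it names.
const LOG = [
  '[23652][1581515931006][main][info]["OAuth2WindowManager~startLoginWith - Opening auth login window","https://datapower.192.168.13.10.nip.io/pd/sandbox/datapower/oauth2/authorize?response_type=code&state=&client_id=d0189df3de1e32e9ebea9cd7003ef9ac&scope=scope_1&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback"]',
  '[23652][1581515931034][main][info]["OAuth2WindowManager~certificate-error:","net::ERR_CERT_AUTHORITY_INVALID","https://datapower.192.168.13.10.nip.io"]',
  '[23652][1581515931271][main][info]["OAuth2WindowManager~did-navigate:","https://datapower.192.168.13.10.nip.io"]',
  '[23652][1581515931271][main][info]["OAuth2WindowManager~startLoginWith - Received redirect on auth login window"]',
  '[23652][1581515931272][main][info]["OAuth2WindowManager~startLoginWith - URL did not match the registered callbackURL, so skipping"]',
];
const REGISTERED_CALLBACK = 'https://www.getpostman.com/oauth2/callback';

// Split "[pid][ts][proc][level][json-array]" into fields; null if the line does not fit.
function parseLine(line) {
  const m = /^\[(\d+)\]\[(\d+)\]\[(\w+)\]\[(\w+)\](\[.*\])$/.exec(line.trim());
  if (!m) return null;
  try {
    return { ts: Number(m[2]), level: m[4], args: JSON.parse(m[5]) };
  } catch {
    return null;
  }
}

// Assumption: two URLs name the same callback when origin and path agree.
function sameEndpoint(a, b) {
  const x = new URL(a), y = new URL(b);
  return x.origin === y.origin && x.pathname === y.pathname;
}

function triage(lines, registered) {
  const entries = lines.map(parseLine).filter(Boolean);
  // Second argument of every entry whose message contains the given tag.
  const arg = (tag) => entries.filter((e) => String(e.args[0]).includes(tag)).map((e) => e.args[1]);
  const [authUrl] = arg('Opening auth login window');
  if (!authUrl) throw new Error('no authorization request in log');
  const auth = new URL(authUrl);
  const sent = auth.searchParams.get('redirect_uri'); // searchParams percent-decodes the value
  const navs = arg('~did-navigate');
  const reachedCallback = navs.some((u) => sameEndpoint(u, registered));
  const last = navs[navs.length - 1];
  return {
    redirectUriMatchesRegistered: sent !== null && sameEndpoint(sent, registered),
    reachedCallback,
    stalledAtAuthServer: !reachedCallback && !!last && new URL(last).origin === auth.origin,
    certErrors: arg('~certificate-error'),
  };
}

console.log(triage(LOG, REGISTERED_CALLBACK));
```

On the posted log, the decoded `redirect_uri` equals the registered callback, and the only navigation recorded is to the authorization server's own origin, so the "did not match" line refers to that page rather than to an encoding difference in the callback.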