The goal
Be able to run a collection without going through the authorization process of every call individually prior to running the collection.
What I've attempted/noticed
When using the OAuth2 authorization helper in Postman, I haven't discovered a method to save a returned refresh token, and thus use it when the access token expires to get a new one. (I've suggested this feature be placed into the helper in the Postman Github Issues.)
I've tried creating a few steps at the beginning of the collection to replicate the helper, but cannot get past the step where user interaction is required to approve/deny (which makes sense as it's a security risk otherwise). However, I can't seem to figure out how to prompt the user either, the way the OAuth2 helper does.
I've taken my expectations down a notch in regards to the refresh token and thought I could simply run the authentication on the first test in the list, saving the access token somehow in a global or environment variable, and then using that token in the all subsequent tests, but I have not found a way to save the access token generated via the OAuth2 helper.
I would love to know if there is a solution to this which results in collections being able to be run with minimal effort put into authorization. This becomes more important with the more tests written in a collection which all use OAuth2 authorization.
Side note: I've been using the Postman mac client, in case there is a different in clients I'm unaware of.
Ok, first enter your OAUTH token URL, click on the Body tab, and fill out these POST parameters: client_id, grant_type, username, password, override.
Then, click on the Test tab, enter this text and then press Send:
var data = JSON.parse(responseBody);
pm.setGlobalVariable("access_token", data.access_token);
pm.setGlobalVariable("refresh_token", data.refresh_token);
Then enter one of your application URLs, click on the Headers Tab, and enter a parameter Authorization with a value Bearer {{access_token}}. Then click on Send.
Voila!