OAuth 1.0 Authorization Flow using Flickr and Postman

Captions
Hi there, this is Valentin, and welcome to another Postman tutorial. This time I wanted to show you how you can use the Flickr API in Postman. Flickr uses OAuth 1.0, and it's a bit trickier to get this to run in Postman. Nevertheless, OAuth 1.0 is a bit deprecated, it's not so used anymore, but some older applications still use it, so this is why I'm showing you how you can use it in Postman.

So the first thing is to open the documentation for the Flickr API. You will find a link in the video description if you cannot find it. Let's get started by first creating an app. Now, an app is what we need in order to get started using this API. So this is part of, Flickr calls it, the App Garden. So I'm gonna request an API key. This is non-commercial for me because I'm just doing this tutorial to show you how to work for it. If you want to build a commercial API, make sure that you register for a commercial key. Because I want to use this in Postman, I would simply select Postman, and I'll type in here a description. I agree to the terms and conditions and hit the submit button.

Now in this moment I have here a key and a secret, and these are very important because this is how Flickr identifies the application that we're building. First, we're not building an application right now, but if you're building an application, this is the key and the secret that would identify your application.

Going back here to the documentation, you see that OAuth has a flow, and I think it's pretty well described here on how it goes. So it's practically a three-step process in order to access any information that is protected. So let's see what we need to do. The first step is to get the request token. It's explained here, "get a request token": we have to send some parameters, then Flickr will send us back the request token. Let's see how we can get this to run in Postman. Well, the address where we're sending this request is this one, so I'm gonna copy it. You will see at the end it says request_token. In Postman I
will open up a new tab, paste this here, make sure that you don't have any new lines. And right in the beginning I'm gonna do the following: I'm going to go here at the environments, I'm going to add the new environment, I'm going to call this Flickr, and these two values here I'm going to put them into two separate Postman variables. So this will be the consumer key and the next one will be the consumer secret. Okay, I'm gonna add them.

Next I'm going to go to the Authorization tab, and from the list I'm going to select OAuth 1.0. The first value that we're going to populate is the consumer key and consumer secret. I'm going to use the environment variables that we have just entered. Just make sure to select the environment; of course the autocomplete will kick on. So consumer key, consumer secret. Let's look at the advanced values that we have here. We must ensure that this is the signature method that we're using, HMAC-SHA1, and the version will be 1.0.

Let's go ahead and submit this request and see what happens. We're gonna get here an error back, 400 Bad Request. This means that we still need to submit some data. This is the OAuth callback: this is where the user will be sent after he or she confirms that it gives access to your application. We need to provide this in our request as well. Postman unfortunately doesn't offer this field, so we need to manually go to Params, and you'll see here that already Postman has pre-populated a lot of fields that we need, but this one needs to be here, and we're gonna use simply example.com. This is absolutely enough for this case. As you can see, the information changes, and Postman will add this OAuth signature, and this is something that's automatically calculated, and this is where actually the power of Postman comes into play. So let's submit this request again. Sometimes it's working, sometimes it's not working. Let's try it again. Okay, now we get the status 200. What happens here is we get this response, and the response contains an OAuth token and an OAuth token secret.
We will need these in the next request. What happened here is, we are here at this step: we have sent a request for the request token, and back we got three parameters: the OAuth token, the OAuth token secret, the OAuth callback confirmed, this is just the boolean true/false. And what we need to do with this is to redirect the user to the next page, which is for the authorization. Let's simply go ahead, create a new collection, I'm gonna call it Flickr. I'm gonna save this. Step here would be one, request token, and select the Flickr collection. Perfect.

So the next step is step number two. So for step number two we need to send the user to this address, and additionally we need to provide another parameter: this is the OAuth token parameter. I'm going to go here to query params, paste this here, and actually the OAuth token is what we got from the response, this value here. I'm gonna simply put it here. Now unfortunately I cannot run this request in Postman, but of course I can run it, but if I go to preview it would tell me that Postman doesn't have the JavaScript enabled and for that reason doesn't, it cannot work. I'm going to simply copy this URL, go into browser and open up a new tab. This time I'm going to paste this, and since I'm already logged into my Flickr account, I'm only gonna be asked if I allow Postman to access my Flickr account. This of course has absolutely no relationship if I'm the same person who created the application or if it's another person. What happens next is it will tell me what Postman is then authorized to do and what not. Of course I will click yes, or authorize it, and what happens next is that I get this information back in the URL. So this is the callback URL; this is when the user is then redirected to the app and the app becomes this additional information. The OAuth token has remained the same, but the OAuth verifier is the different value, and this is something that we will need very, very soon in the next step.

So what's the next step? We are going to exchange the request
token for an access token. I know it is a very long and complicated process, but just, just hang on. So this was the second request; save this as allow access. I'm gonna close it because we don't need it anymore, and open a new tab, paste this new address with the access token. So this is different from the request token, of course, so this is a different request altogether. Gonna go to authorization, OAuth 1. Fortunately some information has already been populated here. We are gonna do the following: we're gonna get this information from the first request that came back. I'm gonna copy it again, I'm gonna put it here in the access token, and the OAuth token secret from here I'm gonna put it in the token secret. Additionally, we need to provide another parameter, which again Postman unfortunately doesn't offer. So let's submit this, and it's going to tell us that verifier invalid, so we need to add a verifier field. The verifier is this one, OAuth verifier. So again going to the params, OAuth verifier, and as you remember we got the verifier here in the callback, so I'm going to simply copy this, put it in Postman and send this request again. Now we have managed to get the new token, the new OAuth token and the new secret. This is the new token and this is the new secret. Okay, so this has been the third request, get access token. Don't worry, I'll provide you in the description with this collection so that you don't have to do everything manually.

So let's follow along with the documentation. Now we should actually start by making a call, and this is one of the endpoints that we can call, and we are going to add some variables. So this is one of the endpoints that we can call. I'm going to copy the address, open up a new tab. You'll notice here that there are some parameters that we're sending here, so for example nojsoncallback, this will have the value of one, format will be JSON, and additionally I'm gonna use this method. Okay, now again I'm gonna go to the authorization, select OAuth 1, and this time we're gonna
use the access token and the secret that we got from the third request. So copy this, we see that it's a different value; the same goes for the secret. Submit the request. Fortunately it's 200, and here we can see my profile information. It's not much, it's just showing that the OAuth 1 authentication and authorization has been successful. And this would be the fourth step, let's call it getdata.

So what I don't really like about this request is that they all have a lot of parameters and a lot of things that need to change, and for that reason I wanted to make it a bit more dynamic and to reduce the chances of making errors. So what I'm gonna do first of all is to parse the response body from the first request. The format that's being used here is the same that is used for query parameters. I'm going to use a Postman library to parse this response and to set some Postman variables. I'm going to go in the first request to the Tests. I'm gonna define a variable called collection, I'm gonna require a library called postman-collection, and I'm going to define a new variable called params. This will use another object, which is called collection.QueryParam.parse, and we are going to parse this string. So in order to access this string here I'm going to use pm.response.text. I'm going to open up the Postman console, I'm gonna clear everything that's inside, run this request, just a second, to log this information as well. So what we're getting here is, okay, this is an OAuth problem, but you can see that it's getting back all the information, so we can easily access it from here. So now it has been successful. What we're interested in is the first and the second values, so we're gonna set two Postman variables, OAuth token and OAuth token secret. So this will be environment variables. I'm going to select, this will be the OAuth token, and we can easily get the value from the params: will be params, this will be the second parameter, so this is the key number zero, key number one, I'm gonna get a property value.
Same procedure for the next one: this will be the OAuth token secret, and this will be the key number two, and again we're getting the value. So let's retry this. Sometimes it works the second time. It works. Okay, so now if we inspect the environment we'll be able to see that we have now additional values here, the OAuth token and OAuth token secret. So where we are using the OAuth token, we are using the OAuth token here. Of course this will not change anything; we still need to get the actual address that has been sent out by Postman, but nevertheless let's try it like this. The address is this one here, simply copy it, go to the browser, paste this, the same information, I'll authorize it. But we're interested next in saving the OAuth verifier. Fortunately we have to do this manually and go inside the collection, inside the environment, excuse me. I'm going to create here a variable called OAuth verifier, put a value that we had, I'm gonna update this. We are done with the first and second request.

I'm gonna go to the third request. As you can see, we can directly update here the OAuth verifier, but just as well we'll have to set here the access token, would be the OAuth token, OAuth token secret. So when we submit this request it will be successful as well, and again we'll have to parse some information from here, so we're going to use the exact same approach as we've used here. So simply copy-paste in the code, and actually what we're gonna do is we are gonna override these variables. Now we can notice that the OAuth token is again the first one, the first key; this is the second key, so as it stands it should work. So let's see if this is actually the case. Okay, so we have to restart the entire process because the token has been used, but we can replace this here as well. Now we should have an entire flow, so let's try it out from the beginning to understand what's going on. So first of all we are sending a request for getting the token. I don't know why this is failing the first time, but it's always working the second
time. Now we have updated the environment variable, so if you can check against them you will see here that the OAuth token and OAuth token secret, they should be exactly the same as the ones from the response. Again, looking at this allow access request, we can inspect the request which has been sent here in the background. I'm gonna simply copy the address from here, I'm gonna take it again in the browser, paste it, will authorize the application, and again we're going to get the OAuth verifier back. With OAuth verifier, again we're going at the environment and we are updating the value here, and this means we can go to the third request. This time with this one as well I'm gonna get 200, and we have also replaced the token and the secret. Then we can go to the fourth request, submit this as well, I'm gonna get a 200, and whew, everything worked.

Super complicated. There's anything that you, any parameter or anything that you enter wrongly will render this not work, so this is why I wanted to show you step by step. I know there are a lot of steps, I know that this is confusing. It's, trust me, it's just as confusing for me as it is for you. OAuth is not easy; there are so many terms and so many things that need to work together. Fortunately for this Flickr API everything seems to work now.

Thank you for watching this long tutorial. I hope it wasn't too boring and that you have learned something new and it managed to help you do this in your own project. If you enjoyed this video, give it a thumbs up, subscribe to this channel for more tutorials like this, and see you next time at another tutorial. Don't forget to check the video description, because there you will find this Postman collection, and all you need to do is to generate your own consumer key and secret and you can start playing around with this.

Finally, a question that sometimes comes regarding OAuth, and this is understandable: how can I automate this entire process in Postman? And the thing is, you, you cannot automate it. So you cannot automate the
step where the user actually clicks, not from Postman. You need to look at other ways on how you can automate if you need to test the scenario like this one, but from Postman you have to do it manually as I've shown you. Again, thank you for watching and see you next time. Bye.
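
Added example, not part of the video or its Postman collection: the HMAC-SHA1 signature that Postman calculates automatically in the walkthrough, written out per RFC 5849, plus a parser that reads the token response by parameter name instead of by position. The URL, consumer key, consumer secret, nonce and timestamp are constructed placeholders, and the URL is assumed to be passed without a query string.

```javascript
const crypto = require('crypto');

// RFC 3986 encoding: encodeURIComponent leaves !'()* bare, OAuth 1.0 requires them escaped.
const pct = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & encoded URL & encoded, sorted parameter string.
// Every parameter is covered, including oauth_callback and oauth_verifier.
function baseString(method, url, params) {
  const normalized = Object.entries(params)
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [pct(k), pct(String(v))])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), pct(url), pct(normalized)].join('&');
}

// HMAC-SHA1 key is "consumerSecret&tokenSecret"; the token secret is empty
// for the request_token step because no token has been issued yet.
function sign(method, url, params, consumerSecret, tokenSecret = '') {
  const key = `${pct(consumerSecret)}&${pct(tokenSecret)}`;
  return crypto.createHmac('sha1', key)
    .update(baseString(method, url, params))
    .digest('base64');
}

// Read a form-encoded token response by parameter name rather than by position.
function parseTokenResponse(body) {
  const p = new URLSearchParams(body);
  const token = p.get('oauth_token');
  const secret = p.get('oauth_token_secret');
  if (!token || !secret) throw new Error('response lacks oauth_token fields');
  return { token, secret, callbackConfirmed: p.get('oauth_callback_confirmed') === 'true' };
}

// Constructed request_token call: URL, key, secret, nonce and timestamp are placeholders.
const demoUrl = 'https://api.example.com/oauth/request_token';
const demoParams = {
  oauth_callback: 'https://example.com',
  oauth_consumer_key: 'CONSUMER_KEY_PLACEHOLDER',
  oauth_nonce: 'constructed-nonce-1',
  oauth_signature_method: 'HMAC-SHA1',
  oauth_timestamp: '1589500000',
  oauth_version: '1.0',
};
const demoSignature = sign('GET', demoUrl, demoParams, 'CONSUMER_SECRET_PLACEHOLDER');
console.log(demoSignature);
```

Because the callback and the verifier are part of the signed parameter set, adding or changing either one changes the signature, which is why each request in the flow has to be re-signed with the token secret that belongs to that step.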
Info
Channel: Valentin Despa
Views: 20,146
Keywords: postman tutorials, OAuth, oauth 2.0, postman tutorial for beginners with api testing example, request, access, access tutorial, access token, grant types in oauth2, application json postman, token type beat free, token_type, refresh token oauth2, refresh token jwt
Id: 3gXPjj5iEAA
Length: 18min 15sec (1095 seconds)
Published: Fri May 15 2020