Copy id_token from manage access tokens

I’m trying to use Postman to test a REST service that is protected using JWT tokens retrieved from Auth0 (developer.auth0.com). If I enter the details for Auth0 into Postman and get an access token I get back the following access token data:

result → success
access_token → t2YBYE…
id_token → eyJ0eX…
token_type → bearer#=

To access the service I want to test I need to send the id_token value in a header. However, by default Postman will use the access_token value and there’s no possibility to choose otherwise.

It would be nice if it was possible to choose the token you want to use to send in the authorization header somehow.

3 Likes

@sandeep_varma I am not familiar with Auth0 all that much but I would like to better understand the issue you are facing.

Can you give us some more information on exactly what you are doing? What I am most interested in is the call to Auth0 to get the JWT. I am trying to figure the issue out myself but as mentioned, not familiar with Auth0 and how they create JWT’s

Thx

I am using postman to generate AuthO token. I am using Oauth 2.0 to generate that when i click on Get new access token and enter all required information it is generating both Access token and Id_token where in my case Id_token id JWT token. i want to copy that to my authorization but i am not able to do that every time it is copying Access token. it would be helpful for me some how i can copy id_token

@sandeep_varma I think I understand what you are trying to do.
Can you provide me a sample of the response body from this Auth call? Just remove or edit the data, I only really need to schema of whats returned.

@tmccann, I think Sandeep and I are attempting a similar workflow.

When you set up postman to get an Oauth 2 access token you can pretty easily set it up so that it will request an access token from Auth0. It’s a very common workflow with a JWT setup to specify the scope as “openid email profile” as in my screenshot below so that you get a JWT back.

When you do this, in the second screenshot you can see that postman has a field for “Access Token” and another for “id_token”. The “id_token” is the JWT, which is great, and seems very close to what we need. However, there doesn’t appear to be any way to use the “id_token” in the Authorization header rather than the “Access Token” that it uses by default. I don’t think this issue is specific to Auth0, but AWS Cognito and pretty much any service using Oauth 2 with JWTs will have a similar implementation.

I would like this capability as well. I can copy the value of the id_token from the manage access tokens modal and paste it into the token text field and Postman does send that as the Bearer token so it works but isn’t as convenient as having an option to configure PM to use id_token or to take an alternative action in place of “Use Token” to use id_token instead of the access token.

I’m facing the same issue with id_token.

Do u guys figure this out how to automatically use id_token except access_token?

Maybe Postman Team can add mentioned “Use ID Token” checkbox or sth.

I have the same problem, this is extremely inconvenient. I don’t want to copy and paste, but use it correctly.
The Postman team hear our prayers and answer us.

Yes. If the managed tokens were available as variables that would be great. For example

{{managedTokens.tokenName.id_token}}

Currently facing the same issue. If multiple token types are returned, then i’d like to select the one to use and not just taking the access token.

If there is a plausible reason not to implement this, then please let us know.

Same problem here, any news about this topic?

Postman team could add an option to select what token we want to provide on Bearer on our api calls, in this case having possibility to select the id_token instead of access token.
Is this possible with some hooks and javascript such as “pre-request scripts” on postman?

1 Like

I also would like this feature. It is annoying that I have to copy the IdToken from the response and paste it to a BearerToken. I would like to have PostMan offer a solution on with token to use.