PKCE with Postman

Howdy folks! I was wondering how some of yal might be getting auth tokens using postman if the auth server you’re authenticating against is implementing PKCE.

Going off this issue on Github, the public roadmap, and from what I’ve read in the postman docs, it looks like there aren’t any plans to add this to the Postman UI at the moment.

I have a set of requests set up with some pre-request scripts to generate the code_verifier and code_challenge that I think will work for us, but if someone else has come up with a more clever way of using Postman with PKCE then I’d sure like to hear it.

App information (please complete the following information):

  • Native App (Winforms (yes you read that right))
  • Postman Version 7.2.2
  • OS: Windows 8.1

Additional context

  • Using implementation of Identity Server 4
  • ID Server 4 is using Azure Active Directory as a user store