SlideShare ist ein Scribd-Unternehmen logo

Using Postman to Test OAuth/OIDC

Postman
Postman

In this talk, I will be covering the story of my team's adoption of Postman—from QA to development to customer-facing documentation. I will cover how PingIdentity's use of convenience methods in tests make working with our REST API more convenient. I will also cover advanced use of imported Node modules to manually step through the OAuth/OIDC process and how Postman Environment usage helps us manage credentials and tokens and standardize service collections to build out automated tests.

Software
1 von 16
Downloaden Sie, um offline zu lesen
Using Postman to Test OAuth/OIDC Gideon McKee Software Quality Engineer Ping Identity
<Self/Ping description and motivation> ● Identity Security Company ● Let us roll your own authentication ● PingOne for Customers ● IDaaS ● RESTful API calls ● API calls made over HTTP
OAuth/OIDC Review
OAuth 2.0 ● Open standard for access delegation ● A framework ● Multiple “grant types” ● Other protocols (including OIDC) are built on top of OAuth 2.0 ● Gets you (or your app) a token
The Auth(orization) Code flow, a.k.a. “3-legged OAuth”
Auth Code - take two Resource Server Beer Tent Authorization Server ID Tent User Authentication ID Card Access Token Wrist Band Auth Code ???? Web App Backend Token Endpoint Access Token
So how do we test this?
Stepping through a login ● Make an /authorize request ● Do the authentication part (this is not covered by protocol) ● Return to the “app” with a code ● Exchange that code for a token
OIDC ● Authentication layer on top of OAuth 2.0 ● If someone has a key to your mailbox, they are not necessarily you ● ID Token ● /userinfo endpoint
Recap What did we learn? ● Don’t roll your own authentication ● OAuth + OIDC handles authorization + authentication ● Good Postman collections enable QA, Dev, Docs, and more ● Testing APIs that use HTTP is all about Requests and Responses
Questions?

Empfohlen

OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...Postman
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerVMware Tanzu
 
Postman
PostmanPostman
PostmanIgor Shubovych
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservicesKunal Hire
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 

Empfohlen

OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...Postman
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerVMware Tanzu
 
Postman
PostmanPostman
PostmanIgor Shubovych
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservicesKunal Hire
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
API Testing. Streamline your testing process.
API Testing. Streamline your testing process.API Testing. Streamline your testing process.
API Testing. Streamline your testing process.Andrey Oleynik
 
Api presentation
Api presentationApi presentation
Api presentationTiago Cardoso
 
Postman Webinar: “Continuous Testing with Postman”
Postman Webinar: “Continuous Testing with Postman”Postman Webinar: “Continuous Testing with Postman”
Postman Webinar: “Continuous Testing with Postman”Postman
 
Postman: An Introduction for Developers
Postman: An Introduction for DevelopersPostman: An Introduction for Developers
Postman: An Introduction for DevelopersPostman
 
Driving Pipeline Automation With Newman and the Postman API
Driving Pipeline Automation With Newman and the Postman APIDriving Pipeline Automation With Newman and the Postman API
Driving Pipeline Automation With Newman and the Postman APIPostman
 
Security for oauth 2.0 - @topavankumarj
Security for oauth 2.0 - @topavankumarjSecurity for oauth 2.0 - @topavankumarj
Security for oauth 2.0 - @topavankumarjPavan Kumar J
 
Space Camp - API Contract Testing
Space Camp - API Contract TestingSpace Camp - API Contract Testing
Space Camp - API Contract TestingPostman
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Postman Webinar: Postman 101
Postman Webinar: Postman 101Postman Webinar: Postman 101
Postman Webinar: Postman 101Nikita Sharma
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API ManagementApigee | Google Cloud
 
Api testing
Api testingApi testing
Api testingHamzaMajid13
 
API Testing
API TestingAPI Testing
API TestingBikash Sharma
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGSiddharth Sharma
 
Space Camp June 2022 - API First.pdf
Space Camp June 2022 - API First.pdfSpace Camp June 2022 - API First.pdf
Space Camp June 2022 - API First.pdfPostman
 
Anatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesAnatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesDaveEdwards12
 
OpenAPI development with Python
OpenAPI development with PythonOpenAPI development with Python
OpenAPI development with PythonTakuro Wada
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Uwe Friedrichsen
 
Testing Your APIs: Postman, Newman, and Beyond
Testing Your APIs: Postman, Newman, and BeyondTesting Your APIs: Postman, Newman, and Beyond
Testing Your APIs: Postman, Newman, and BeyondPostman
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsPieter Ennes
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 

Weitere ähnliche Inhalte

Was ist angesagt?

OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
API Testing. Streamline your testing process.
API Testing. Streamline your testing process.API Testing. Streamline your testing process.
API Testing. Streamline your testing process.Andrey Oleynik
 
Postman Webinar: “Continuous Testing with Postman”
Postman Webinar: “Continuous Testing with Postman”Postman Webinar: “Continuous Testing with Postman”
Postman Webinar: “Continuous Testing with Postman”Postman
 
Postman: An Introduction for Developers
Postman: An Introduction for DevelopersPostman: An Introduction for Developers
Postman: An Introduction for DevelopersPostman
 
Driving Pipeline Automation With Newman and the Postman API
Driving Pipeline Automation With Newman and the Postman APIDriving Pipeline Automation With Newman and the Postman API
Driving Pipeline Automation With Newman and the Postman APIPostman
 
Security for oauth 2.0 - @topavankumarj
Security for oauth 2.0 - @topavankumarjSecurity for oauth 2.0 - @topavankumarj
Security for oauth 2.0 - @topavankumarjPavan Kumar J
 
Space Camp - API Contract Testing
Space Camp - API Contract TestingSpace Camp - API Contract Testing
Space Camp - API Contract TestingPostman
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Postman Webinar: Postman 101
Postman Webinar: Postman 101Postman Webinar: Postman 101
Postman Webinar: Postman 101Nikita Sharma
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGSiddharth Sharma
 
Space Camp June 2022 - API First.pdf
Space Camp June 2022 - API First.pdfSpace Camp June 2022 - API First.pdf
Space Camp June 2022 - API First.pdfPostman
 
Anatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesAnatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesDaveEdwards12
 
OpenAPI development with Python
OpenAPI development with PythonOpenAPI development with Python
OpenAPI development with PythonTakuro Wada
 
Testing Your APIs: Postman, Newman, and Beyond
Testing Your APIs: Postman, Newman, and BeyondTesting Your APIs: Postman, Newman, and Beyond
Testing Your APIs: Postman, Newman, and BeyondPostman
 

Was ist angesagt? (20)

OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect Protocol
 
API Testing. Streamline your testing process.
API Testing. Streamline your testing process.API Testing. Streamline your testing process.
API Testing. Streamline your testing process.
 
Api presentation
Api presentationApi presentation
Api presentation
 
Postman Webinar: “Continuous Testing with Postman”
Postman Webinar: “Continuous Testing with Postman”Postman Webinar: “Continuous Testing with Postman”
Postman Webinar: “Continuous Testing with Postman”
 
Postman: An Introduction for Developers
Postman: An Introduction for DevelopersPostman: An Introduction for Developers
Postman: An Introduction for Developers
 
Driving Pipeline Automation With Newman and the Postman API
Driving Pipeline Automation With Newman and the Postman APIDriving Pipeline Automation With Newman and the Postman API
Driving Pipeline Automation With Newman and the Postman API
 
Security for oauth 2.0 - @topavankumarj
Security for oauth 2.0 - @topavankumarjSecurity for oauth 2.0 - @topavankumarj
Security for oauth 2.0 - @topavankumarj
 
Space Camp - API Contract Testing
Space Camp - API Contract TestingSpace Camp - API Contract Testing
Space Camp - API Contract Testing
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples
 
Postman Webinar: Postman 101
Postman Webinar: Postman 101Postman Webinar: Postman 101
Postman Webinar: Postman 101
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
 
Api testing
Api testingApi testing
Api testing
 
API Testing
API TestingAPI Testing
API Testing
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNG
 
Space Camp June 2022 - API First.pdf
Space Camp June 2022 - API First.pdfSpace Camp June 2022 - API First.pdf
Space Camp June 2022 - API First.pdf
 
Anatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesAnatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilities
 
OpenAPI development with Python
OpenAPI development with PythonOpenAPI development with Python
OpenAPI development with Python
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
Testing Your APIs: Postman, Newman, and Beyond
Testing Your APIs: Postman, Newman, and BeyondTesting Your APIs: Postman, Newman, and Beyond
Testing Your APIs: Postman, Newman, and Beyond
 

Ähnlich wie Using Postman to Test OAuth/OIDC

Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsPieter Ennes
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxChanna Ly
 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseBahman Kalali
 
[WSO2Con USA 2018] Identity APIs is the New Black
[WSO2Con USA 2018] Identity APIs is the New Black[WSO2Con USA 2018] Identity APIs is the New Black
[WSO2Con USA 2018] Identity APIs is the New BlackWSO2
 
Introduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersIntroduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersGlobus
 
Microsoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsMicrosoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsStefan Weber
 
Microsoft Graph API Webinar Application Permissions
Microsoft Graph API Webinar Application PermissionsMicrosoft Graph API Webinar Application Permissions
Microsoft Graph API Webinar Application PermissionsStefan Weber
 
OAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootOAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootGeert Pante
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New BlackWSO2
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connectDerek Binkley
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
OAuth 2.0 for Web and Native (Mobile) App Developers
OAuth 2.0 for Web and Native (Mobile) App DevelopersOAuth 2.0 for Web and Native (Mobile) App Developers
OAuth 2.0 for Web and Native (Mobile) App DevelopersPrabath Siriwardena
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular jsBixlabs
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittalManoj Mittal
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST securityIgor Bossenko
 

Ähnlich wie Using Postman to Test OAuth/OIDC (20)

Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patterns
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptx
 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use case
 
[WSO2Con USA 2018] Identity APIs is the New Black
[WSO2Con USA 2018] Identity APIs is the New Black[WSO2Con USA 2018] Identity APIs is the New Black
[WSO2Con USA 2018] Identity APIs is the New Black
 
Introduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersIntroduction to the Globus Platform for Developers
Introduction to the Globus Platform for Developers
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
 
Microsoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsMicrosoft Graph API Delegated Permissions
Microsoft Graph API Delegated Permissions
 
Microsoft Graph API Webinar Application Permissions
Microsoft Graph API Webinar Application PermissionsMicrosoft Graph API Webinar Application Permissions
Microsoft Graph API Webinar Application Permissions
 
OAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootOAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring Boot
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWS
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connect
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
OAuth 2.0 for Web and Native (Mobile) App Developers
OAuth 2.0 for Web and Native (Mobile) App DevelopersOAuth 2.0 for Web and Native (Mobile) App Developers
OAuth 2.0 for Web and Native (Mobile) App Developers
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittal
 
REST API Authentication Methods.pdf
REST API Authentication Methods.pdfREST API Authentication Methods.pdf
REST API Authentication Methods.pdf
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST security
 

Mehr von Postman

Elevating Developer Experiences with AI-Powered API Testing & Documentation
Elevating Developer Experiences with AI-Powered API Testing & DocumentationElevating Developer Experiences with AI-Powered API Testing & Documentation
Elevating Developer Experiences with AI-Powered API Testing & DocumentationPostman
 
Discovering Public APIs and Public API Network with Postman
Discovering Public APIs and Public API Network with PostmanDiscovering Public APIs and Public API Network with Postman
Discovering Public APIs and Public API Network with PostmanPostman
 
Optimizing Teamwork: Harnessing Collections & Workspaces for Collaboration
Optimizing Teamwork: Harnessing Collections & Workspaces for CollaborationOptimizing Teamwork: Harnessing Collections & Workspaces for Collaboration
Optimizing Teamwork: Harnessing Collections & Workspaces for CollaborationPostman
 
API testing Beyond the Basics AI & Automation Techniques
API testing Beyond the Basics AI & Automation TechniquesAPI testing Beyond the Basics AI & Automation Techniques
API testing Beyond the Basics AI & Automation TechniquesPostman
 
Not Your Grandma’s Rate Limiting (slides)
Not Your Grandma’s Rate Limiting (slides)Not Your Grandma’s Rate Limiting (slides)
Not Your Grandma’s Rate Limiting (slides)Postman
 
Five Ways to Automate API Testing with Postman
Five Ways to Automate API Testing with PostmanFive Ways to Automate API Testing with Postman
Five Ways to Automate API Testing with PostmanPostman
 
How to Scale APIs-as-Product for Future Success
How to Scale APIs-as-Product for Future SuccessHow to Scale APIs-as-Product for Future Success
How to Scale APIs-as-Product for Future SuccessPostman
 
Revolutionizing API Development: Collaborative Workflows with Postman
Revolutionizing API Development: Collaborative Workflows with PostmanRevolutionizing API Development: Collaborative Workflows with Postman
Revolutionizing API Development: Collaborative Workflows with PostmanPostman
 
Everything You Always Wanted to Know About AsyncAPI
Everything You Always Wanted to Know About AsyncAPIEverything You Always Wanted to Know About AsyncAPI
Everything You Always Wanted to Know About AsyncAPIPostman
 
Elevating Event-Driven World: A Deep Dive into AsyncAPI v3
Elevating Event-Driven World: A Deep Dive into AsyncAPI v3Elevating Event-Driven World: A Deep Dive into AsyncAPI v3
Elevating Event-Driven World: A Deep Dive into AsyncAPI v3Postman
 
Five Things You SHOULD Know About Postman
Five Things You SHOULD Know About PostmanFive Things You SHOULD Know About Postman
Five Things You SHOULD Know About PostmanPostman
 
Integration-, Snapshot- and Performance-Testing APIs
Integration-, Snapshot- and Performance-Testing APIs Integration-, Snapshot- and Performance-Testing APIs
Integration-, Snapshot- and Performance-Testing APIs Postman
 
How ChatGPT led OpenAPI's Recent Spike in Popularity
How ChatGPT led OpenAPI's Recent Spike in PopularityHow ChatGPT led OpenAPI's Recent Spike in Popularity
How ChatGPT led OpenAPI's Recent Spike in PopularityPostman
 
Exploring Postman’s VS Code Extension
Exploring Postman’s VS Code ExtensionExploring Postman’s VS Code Extension
Exploring Postman’s VS Code ExtensionPostman
 
2023 State of the API Report: Key Findings and Trends
2023 State of the API Report: Key Findings and Trends2023 State of the API Report: Key Findings and Trends
2023 State of the API Report: Key Findings and TrendsPostman
 
Nordic- APIOps is here What will you build in an API First World
Nordic- APIOps is here What will you build in an API First World Nordic- APIOps is here What will you build in an API First World
Nordic- APIOps is here What will you build in an API First World Postman
 
Testing and Developing gRPC APIs
Testing and Developing gRPC APIsTesting and Developing gRPC APIs
Testing and Developing gRPC APIsPostman
 
Testing and Developing GraphQL APIs
Testing and Developing GraphQL APIsTesting and Developing GraphQL APIs
Testing and Developing GraphQL APIsPostman
 
Introduction to API Security - Intergalactic
Introduction to API Security - IntergalacticIntroduction to API Security - Intergalactic
Introduction to API Security - IntergalacticPostman
 
Unboxing What's New in Postman Q2
Unboxing What's New in Postman Q2Unboxing What's New in Postman Q2
Unboxing What's New in Postman Q2Postman
 

Mehr von Postman (20)

Elevating Developer Experiences with AI-Powered API Testing & Documentation
Elevating Developer Experiences with AI-Powered API Testing & DocumentationElevating Developer Experiences with AI-Powered API Testing & Documentation
Elevating Developer Experiences with AI-Powered API Testing & Documentation
 
Discovering Public APIs and Public API Network with Postman
Discovering Public APIs and Public API Network with PostmanDiscovering Public APIs and Public API Network with Postman
Discovering Public APIs and Public API Network with Postman
 
Optimizing Teamwork: Harnessing Collections & Workspaces for Collaboration
Optimizing Teamwork: Harnessing Collections & Workspaces for CollaborationOptimizing Teamwork: Harnessing Collections & Workspaces for Collaboration
Optimizing Teamwork: Harnessing Collections & Workspaces for Collaboration
 
API testing Beyond the Basics AI & Automation Techniques
API testing Beyond the Basics AI & Automation TechniquesAPI testing Beyond the Basics AI & Automation Techniques
API testing Beyond the Basics AI & Automation Techniques
 
Not Your Grandma’s Rate Limiting (slides)
Not Your Grandma’s Rate Limiting (slides)Not Your Grandma’s Rate Limiting (slides)
Not Your Grandma’s Rate Limiting (slides)
 
Five Ways to Automate API Testing with Postman
Five Ways to Automate API Testing with PostmanFive Ways to Automate API Testing with Postman
Five Ways to Automate API Testing with Postman
 
How to Scale APIs-as-Product for Future Success
How to Scale APIs-as-Product for Future SuccessHow to Scale APIs-as-Product for Future Success
How to Scale APIs-as-Product for Future Success
 
Revolutionizing API Development: Collaborative Workflows with Postman
Revolutionizing API Development: Collaborative Workflows with PostmanRevolutionizing API Development: Collaborative Workflows with Postman
Revolutionizing API Development: Collaborative Workflows with Postman
 
Everything You Always Wanted to Know About AsyncAPI
Everything You Always Wanted to Know About AsyncAPIEverything You Always Wanted to Know About AsyncAPI
Everything You Always Wanted to Know About AsyncAPI
 
Elevating Event-Driven World: A Deep Dive into AsyncAPI v3
Elevating Event-Driven World: A Deep Dive into AsyncAPI v3Elevating Event-Driven World: A Deep Dive into AsyncAPI v3
Elevating Event-Driven World: A Deep Dive into AsyncAPI v3
 
Five Things You SHOULD Know About Postman
Five Things You SHOULD Know About PostmanFive Things You SHOULD Know About Postman
Five Things You SHOULD Know About Postman
 
Integration-, Snapshot- and Performance-Testing APIs
Integration-, Snapshot- and Performance-Testing APIs Integration-, Snapshot- and Performance-Testing APIs
Integration-, Snapshot- and Performance-Testing APIs
 
How ChatGPT led OpenAPI's Recent Spike in Popularity
How ChatGPT led OpenAPI's Recent Spike in PopularityHow ChatGPT led OpenAPI's Recent Spike in Popularity
How ChatGPT led OpenAPI's Recent Spike in Popularity
 
Exploring Postman’s VS Code Extension
Exploring Postman’s VS Code ExtensionExploring Postman’s VS Code Extension
Exploring Postman’s VS Code Extension
 
2023 State of the API Report: Key Findings and Trends
2023 State of the API Report: Key Findings and Trends2023 State of the API Report: Key Findings and Trends
2023 State of the API Report: Key Findings and Trends
 
Nordic- APIOps is here What will you build in an API First World
Nordic- APIOps is here What will you build in an API First World Nordic- APIOps is here What will you build in an API First World
Nordic- APIOps is here What will you build in an API First World
 
Testing and Developing gRPC APIs
Testing and Developing gRPC APIsTesting and Developing gRPC APIs
Testing and Developing gRPC APIs
 
Testing and Developing GraphQL APIs
Testing and Developing GraphQL APIsTesting and Developing GraphQL APIs
Testing and Developing GraphQL APIs
 
Introduction to API Security - Intergalactic
Introduction to API Security - IntergalacticIntroduction to API Security - Intergalactic
Introduction to API Security - Intergalactic
 
Unboxing What's New in Postman Q2
Unboxing What's New in Postman Q2Unboxing What's New in Postman Q2
Unboxing What's New in Postman Q2
 

Kürzlich hochgeladen

React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfIdiosysTechnologies1
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 

Kürzlich hochgeladen (20)

React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdf
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 

Using Postman to Test OAuth/OIDC

  • 1.
  • 2. Using Postman to Test OAuth/OIDC Gideon McKee Software Quality Engineer Ping Identity
  • 3. <Self/Ping description and motivation> ● Identity Security Company ● Let us roll your own authentication ● PingOne for Customers ● IDaaS ● RESTful API calls ● API calls made over HTTP
  • 5. OAuth 2.0 ● Open standard for access delegation ● A framework ● Multiple “grant types” ● Other protocols (including OIDC) are built on top of OAuth 2.0 ● Gets you (or your app) a token
  • 6. The Auth(orization) Code flow, a.k.a. “3-legged OAuth”
  • 7.
  • 8. Auth Code - take two Resource Server Beer Tent Authorization Server ID Tent User Authentication ID Card Access Token Wrist Band Auth Code ???? Web App Backend Token Endpoint Access Token
  • 9. So how do we test this?
  • 10.
  • 11. Stepping through a login ● Make an /authorize request ● Do the authentication part (this is not covered by protocol) ● Return to the “app” with a code ● Exchange that code for a token
  • 12.
  • 13. OIDC ● Authentication layer on top of OAuth 2.0 ● If someone has a key to your mailbox, they are not necessarily you ● ID Token ● /userinfo endpoint
  • 14.
  • 15. Recap What did we learn? ● Don’t roll your own authentication ● OAuth + OIDC handles authorization + authentication ● Good Postman collections enable QA, Dev, Docs, and more ● Testing APIs that use HTTP is all about Requests and Responses