Using Postman to access OAuth 2.0 Google APIs

Postman will query Google API impersonating a Web Application

Generate an OAuth 2.0 token:

1. Ensure that the Google APIs are enabled

2. Create an OAuth 2.0 client ID

   • Go to Google Console -> API -> OAuth consent screen
     • Add getpostman.com to the Authorized domains. Click Save.
   • Go to Google Console -> API -> Credentials
     • Click 'Create credentials' -> OAuth client ID -> Web application
       • Name: 'getpostman'
       • Authorized redirect URIs: https://www.getpostman.com/oauth2/callback
   • Copy the generated Client ID and Client secret fields for later use

3. In Postman select Authorization tab and select "OAuth 2.0" type. Click 'Get New Access Token'

   • Fill the GET NEW ACCESS TOKEN form as following
     • Token Name: 'Google OAuth getpostman'
     • Grant Type: 'Authorization Code'
     • Callback URL: https://www.getpostman.com/oauth2/callback
     • Auth URL: https://accounts.google.com/o/oauth2/auth
     • Access Token URL: https://accounts.google.com/o/oauth2/token
     • Client ID: Client ID generated in the step 2 (e.g., '123456789012-abracadabra1234546789blablabla12.apps.googleusercontent.com')
     • Client Secret: Client secret generated in the step 2 (e.g., 'ABRACADABRAus1ZMGHvq9R-L')
     • Scope: see the Google docs for the required OAuth scope (e.g., https://www.googleapis.com/auth/cloud-platform)
     • State: Empty
     • Client Authentication: "Send as Basic Auth header"
   • Click 'Request Token' and 'Use Token'
4. Set the method, parameters, and body of your request according to the Google docs

The best way I found so far is to go to the Oauth playground here: https://developers.google.com/oauthplayground/

1. Select the relevant google api category, and then select the scope inside that category in the UI.
2. Get the authorization code by clicking "authorize API" blue button. Exchange authorization code for token by clicking the blue button.
3. Store the OAuth2 token and use it as shown below.

In the HTTP header for the REST API request, add: "Authorization: Bearer ". Here, Authorization is the key, and "Bearer ". For example: "Authorization: Bearer za29.KluqA3vRtZChWfJDabcdefghijklmnopqrstuvwxyz6nAZ0y6ElzDT3yH3MT5"

The current answer is outdated. Here's the up-to-date flow:

The approach outlined here still works (12/23/2021) as confirmed by mazend.

We will use the YouTube Data API for our example. Make changes accordingly.

Make sure you have enabled your desired API for your project.

Create the OAuth 2.0 Client

1. Visit https://console.cloud.google.com/apis/credentials
2. Click on CREATE CREDENTIALS
3. Select OAuth client ID
4. For Application Type choose Web Application
5. Add a name
6. Add following URI for Authorized redirect URIs

https://oauth.pstmn.io/v1/callback

7. Click Save
8. Click on the OAuth client you just generated
9. In the Topbar click on DOWNLOAD JSON and save the file somewhere on your machine.

We will use the file later to authenticate Postman.

Authorize Postman via OAuth 2.0 Client

1. In the Auth tab under TYPE choose OAuth 2.0
2. For values under Configuration Options enter the values found inside the client_secret_[YourClientID].json file we downloaded in step 9
3. Click on Get New Access Token
4. Make sure your settings are as follows:

Click here to see the settings

(In addition, multiple scope can be as follows, space-delimited: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile")

5. Click on Request Token
6. A new browser tab/window will open
7. Once the browser tab opens, login via the appropriate Google account
8. Accept the consent screen
9. Done

Ignore the browser message "Not safe" etc. This will be shown until your app has been screened by Google officials. In this case it will always be shown since Postman is the app.

1. go to https://console.developers.google.com/apis/credentials
2. create web application credentials.

Postman API Access

3. use these settings with oauth2 in Postman:

   • Auth URL = https://accounts.google.com/o/oauth2/auth

   • Access Token URL = https://accounts.google.com/o/oauth2/token

     4. Choose Scope for the HTTP API
     5. Generate Token
     6. to add Schema use:

SCOPE = https: //www.googleapis.com/auth/admin.directory.userschema

post https: //www.googleapis.com/admin/directory/v1/customer/customer-id/schemas

{
  "fields": [
    {
      "fieldName": "role",
      "fieldType": "STRING",
      "multiValued": true,
      "readAccessType": "ADMINS_AND_SELF"
    }
  ],
  "schemaName": "SAML"
}

7. to patch user use:

SCOPE = https://www.googleapis.com/auth/admin.directory.user

PATCH https://www.googleapis.com/admin/directory/v1/users/[email protected]

 {
  "customSchemas": {
     "SAML": {
       "role": [
         {
          "value": "arn:aws:iam::123456789123:role/Admin,arn:aws:iam::123456789123:saml-provider/GoogleApps",
          "customType": "Admin"
         }
       ]
     }
   }
}

I figured out that I was not generating Credentials for the right app type.
If you're using Postman to test Google oAuth 2 APIs, select
Credentials -> Add credentials -> OAuth2.0 client ID -> Web Application.