Search code examples
google-cloud-platformgoogle-apipostmangcloudgoogle-oauth

POSTMAN: Could not complete OAuth2.0 login

I want to request a token in order I can have my Postman logged in my Gmail acocount and then I can call Google Cloud APIs.

I am trying by typing my Gmail email address and its password as you can see from this picture

Postman Request Token

The final goal is get APIs like this 

https://monitoring.googleapis.com/v1/projects/firetestjimis/dashboards

I can do it by login with my Gmail account from gcloud ("gcloud auth application-default login"), then print the token with gcloud auth application-default print-access-token, copy the printed token and paste it in Access Token (Postman). Well it works, but it is kind of obligating me to start gcloud and has it installed. I am pretty sure I can reach same idea by sign with same user I sign in gcloud. I just don't know how to do it with Postman. All I have read last hours drove me to the image I pasted above but it is failling with error from this question.

In case it is relevant, here is the gcloud console where I get the token

C:\Program Files (x86)\Google\Cloud SDK>gcloud auth application-default print-access-token
C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\bin\..\lib\third_party\google\auth\_default.py:69: UserWarning: Your application has authenticated using end user credentials from Google Cloud SDK. We recommend that most server applications use service accounts instead. If your application continues to use end user credentials from Cloud SDK, you might receive a "quota exceeded" or "API not enabled" error. For more information about service accounts, see https://cloud.google.com/docs/authentication/
  warnings.warn(_CLOUD_SDK_CREDENTIALS_WARNING)
ya29.a0Ae4lvC3-3WxUmx... removed token ... hs251yTql3eEE

C:\Program Files (x86)\Google\Cloud SDK>

*** Edited a bit after firstly posted

Other tentative is resulting in 

Erro 400: invalid_request
Invalid parameter value for redirect_uri: Missing scheme: /

When I tried

Postman

The Client Id I copied from

https://console.developers.google.com/apis/credentials

*** edited after Madhead's suggestion

I followed carefully all steps proposed and indeed I can get a Google Token straight from Postman by clicking on Get New Access Token. Nevetheless it gets 

{
  "error": {
    "code": 403,
    "message": "Request had insufficient authentication scopes.",
    "status": "PERMISSION_DENIED"
  }
}

For these two tentatives from Postman (pasted curl script since it is easier to evaluated from others than a Postman printscreen)

curl --location --request GET 'https://monitoring.googleapis.com/v1/projects/firetestjimis/dashboards' --header 'Authorization: Bearer ya29. *** token *** kO3Fg'

curl --location --request POST 'https://firestore.googleapis.com/v1/projects/firetestjimis/databases/(default)/documents:runQuery' --header 'Authorization: Bearer ya29. *** token *** kO3Fg' --header 'Content-Type: application/json' --data-raw '{
"structuredQuery": {
    "where" : {
        "fieldFilter" : { 
        "field": {"fieldPath": "id"}, 
        "op":"EQUAL", 
        "value": {"stringValue": "1"}
        }
    },
    "from": [{"collectionId": "transfer"}]
    }
}'

Here is the OAuth Client ID created in credentials screen

{"web":{"client_id":"7953 *** 5k6e9ivtdg.apps.googleusercontent.com","project_id":"firetestjimis","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"IJGCe *** Du6bU","redirect_uris":["https://oauth.pstmn.io/v1/callback"]}}

as downlowaded from

Google Cloud Plataform Credentials

And here is the OAuth consent screen

*** edited

Add Scorpe screen

scope invalid

*** edited

trying add https://monitoring.googleapis.com/ as scope

  • edited

Nothing returned from Cloud Monitoring API

*** edited after succesfully added two scopes

It says "Because you've added a sensitive scope, your consent screen requires verification by Google before it's published"

waiting for Google aproval

And when I clicked in "Submit for verification" I see it complaining of Application Homepage and Application Privacy links

complaining about two urls

Solution

  • It's actually possible to use Postman to access OAuth 2.0 secured Google APIs.

    First, you need to create an OAuth client in your Google Cloud Console project. It should be a "Web application" client, and the redirect URI should be https://oauth.pstmn.io/v1/callback:

    Create OAuth client ID

    Take a note of the Client ID and Client Secret:

    Client ID & Client Secret

    Now, go to the Postman. Create new request. On the "Authorization" tab, select OAuth 2.0 and then click "Get New Access Token":

    New request

    Fill in the form.

    • Callback URL: https://oauth.pstmn.io/v1/callback (will be set up automatically by Authorize using browser).
    • Authorize using browser: true
    • Auth URL: https://accounts.google.com/o/oauth2/auth
    • Access Token URL: https://accounts.google.com/o/oauth2/token
    • Client ID: ${your client id}
    • Client Secret: ${your cluent secret}
    • Scope: ${your scopes}, e.g. https://www.googleapis.com/auth/gmail.readonly for Gmail read-only access. Make sure that corresponding scopes and API's are allowed in your project (e.g. on consent scree configuration page).

    New access token Consent screen & Scopes Monitoring scopes

    Click "Request Token". The browser will open Google's OAuth consent screen of pstmn.io app. Log in if necessary and grant the access. At the end of the process, a pop-up will be opened (make sure it is not blocked by your browser), redirecting you back to the Postman app.

    Go and use your token!

    Token usage