Feature Request: Support OAuth2/OIDC #337
Labels: discussion, feature, good first issue, help wanted
Is your feature request related to a problem? Please describe.
Currently, Postwoman supports Bearer Token authentication, but the process of obtaining a token for OAuth2 is non-trivial for any real-life APIs.
Describe the solution you'd like
In an ideal world, Postwoman would support OIDC for endpoint discovery, and Code Grant Types with PKCE (sorry, I'm not 100% sure on the correct terminology, as different providers end up relabelling these - see Keycloak and IdentityServer4 for examples). It would also be great if there was support for Refresh Tokens, and JWT token introspection to support this.
The gold standard would probably also support OIDC Dynamic Client Registration, but I'm not sure how widely this is supported.
In addition, support for OIDC Front Channel Logout would be amazing.
At a minimum, OAuth2 authentication with Implicit Grants would support my use case (internal APIs), but will probably not support public APIs from Google or Facebook.
Describe alternatives you've considered
Postman has support for OAuth2 with Code, Password and Client Credential grant types, but it's annoying to use as:
Additional context
There are probably security implications of allowing Postwoman.io as a valid redirect_url for OAuth2 secured apps, but I don't really feel qualified to discuss this.