How to authenticate with Google Service Account credentials using Postman and HTTPS?

Asked 17/3, 2019 at 9:54 Answered 1/12, 2023 at 15:52

google-api postman google-oauth google-authentication service-accounts

I have read these documents:

I have stored the google-secrets.json credentials of the service account. However I can't understand how to send the request with the credentials to get the auth token or api key.

There are only libraries published that do this.

How do I setup authentication with HTTPS in Postman?

Graff answered 17/3, 2019 at 9:54 Comment(0)

This is answered very well by Gordon Thompson in the medium article Google Authentication with Postman covering three different methods:

Using oauth2l CLI
Configuring Postman with OAuth 2 and User Credentials
Configuring Postman to use a pre-request script. This will auto-generate Google Access and ID tokens from a Service Account key and save it in Postman. Based on the work of Denis Loginov, the gist is available here:

Namtar answered 3/2, 2022 at 7:28 Comment(0)

In the Postman application

Go to Environments module and create a new environment. Let's call it gcp_sa_env
Create a new variable named serviceAccountKey and copy-paste the content of your google-secrets.json in its value. The JSON should contain items like client_email, private_key, token_uri
Go to Collections module and create a new request
Select the created environment (gcp_sa_env) at top-right
In the Pre-request Script copy-paste this Javascript code (gist) enabling to auto-generates a Google OAuth token from a service account key
Add or remove scopes as needed in the SCOPES variable (see documentation here)
In the Authorization module, select Bearer Token as the authorization type and write {{accessToken}} as Token
Configure the rest of the request (method, url, body, etc) and run it

Obie answered 1/12, 2023 at 15:52 Comment(1)

Regarding Step 7) Postman complains that {{accessToken}} doesn't exist. Ignore the warning, it's created by the script. – Jonellejones 10/1 at 17:42

found.

signed it with RS256 on JWT.io with params

HEADER:

{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "your_private_key_id"
}

PAYLOAD:

{
  "iss": "your_client_email_of_service_account",
  "sub": "your_client_email_of_service_account",
  "aud": "https://www.googleapis.com/oauth2/v4/token",
  "scope": "https://www.googleapis.com/auth/devstorage.read_only",
  "iat": current_unix_time,
  "exp": current_unix_time+3600
}

VERIFY SIGNATURE

your_private_key in last field (without \n)

got encoded key

and then

POST /oauth2/v4/token HTTP/1.1

Host: www.googleapis.com

Content-Type: application/x-www-form-urlencoded

Cache-Control: no-cache

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=ENCODED_KEY_FROM_JWT.IO

and i got response

{

    "access_token": "ya21.c.ElrSBodwuWANeh7Q0-zlXpOxqm9-uEszPElsY2tvoG5aPxRgOkasN5G2sMgj3iosPVbRYk1wXw_DcBnm2FtuNBlZpv_wCC0YS5pWMykR8Ouf5CZg-8OK842rvfk",

    "expires_in": 3600,

    "token_type": "Bearer"

}

also dont forget give a priveleges to your service account for read in storage

Graff answered 20/3, 2019 at 11:42 Comment(2)

I would love a bit more info on how you used Jwt.io to create your token. – Runofthemill 14/12, 2020 at 14:59

I am getting invalid JWT signature. What could be the reason, I have followed the above approach to Authenticate and Access Google Spread Sheets from Postman and from MS Power Automate too. I have the above details to authenticate, such as : private_key, private_key_id, client_email, client_id But I am clueless to authorize Google Spread Sheet API and consume the services. "auth_uri": "accounts.google.com/o/oauth2/auth", "token_uri": "oauth2.googleapis.com/token", Any help would be much appreciated and thank you in advance! – Dummy 22/7, 2022 at 8:43

Recommended topics

Hot tags