Authorization Code and Access Token

Help Topics
If you need to obtain authorization data from authentication provider (Google, Facebook, etc.), you can utilize HttpMaster support for obtaining authorization code and access token. Window for obtaining authorization data can be accessed in:
  • Main application window; use menu 'Run' - 'Manage Authentication' - 'Authorization Code and Access Token'. Note that this menu is only available if some project is opened in HttpMaster.
  • Basic request window; click corresponding authentication button and select 'Authorization Code and Access Token'.
  • Execution window; click corresponding authentication button and select 'Authorization Code and Access Token'.

Authorization data

The following data must be provided to successfully obtain authorization code:
  • Authorization URL; authorization URL address of authentication provider; can contain optional query string with additional authorization parameters like 'response_type, 'scope', etc.
  • Client id; client id provided by authentication provider.
  • Client secret; client secret provided by authentication provider.
  • Redirect URL; URL address to which authentication provider should redirect after user successfully authenticates and gives necessary permissions. This address must exactly match redirect URL specified with authentication provider.
  • URL to exchange authorization code for access token; URL address provided by authentication provider where obtained authorization code can be exchanged for access token.

Important

It is recommended that you store authorization data in project properties ('Authentication' tab); if authorization data is stored in a project, it will be automatically used and you won't have to specify it every time you wish to obtain new authorization code and access token.

Obtaining authorization code and access token

To obtain authorization code and access token, click corresponding button after you have specified complete authorization data. Login page will be displayed where you will have to log in and give necessary permissions. If authorization code and access token were successfully obtained, they will be displayed at the bottom of the window. You can copy them to Clipboard or click 'OK' button to temporarily stored them in currently opened project (note that stored authorization code and access token are lost when project is closed).

Important

If login page is not rendered as expected, it is possible that HttpMaster is not using the latest installed Internet Explorer rendering engine. Try the following procedure to enable the latest rendering engine:
  • Navigate to the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Feature Control\FEATURE_BROWSER_EMULATION.
  • Add new DWORD value with the name 'HttpMaster.Windows.exe' (without quotes) and the value of 0.
  • Restart HttpMaster.
In step 2, you can set the value to the number that represents specific Internet Explorer version, for example, decimal value 11001 represents IE11 Standards mode.

Using obtained authorization data

If you have stored authorization code and access token in currently opened project (see previous section), you can include them in every request item that belongs to the project. They can be used in:
  • Request item URL.
  • Request item body.
  • Request item header.
To use obtained authorization code, utilize global variable 'hm-authorization-code' in any of the relevant request item properties. Variable must be enclosed in curly braces when used, for example:
http://www.example.com?code={hm-authorization-code}
During the execution, all occurrences of the variable will be replaced with the obtained authorization code value.

To use obtained access token, utilize global variable 'hm-access-token' in any of the relevant request item properties. Variable must be enclosed in curly braces when used, for example:
http://www.example.com?token={hm-access-token}
During the execution, all occurrences of the variable will be replaced with the obtained access token value.

Clear stored login data

It is possible that once you have successfully logged in, browser will store your login in a cookie and will immediately return authorization code and access token next time requested. If you would like to perform new clean procedure with fresh login, open Internet Explorer and delete corresponding cookie.

For more information on how to obtain and use authorization data, see corresponding topic in 'How to' section.