OAuth Access Data

Help Topics
If you need to obtain OAuth access data from authentication provider (Microsoft, Facebook, etc.), you can utilize HttpMaster support for obtaining it. Window for obtaining OAuth access data can be opened with the Obtain OAuth Access Data toolbar button in the following places:
  • Main application window; note that the button is only available if some project is open in HttpMaster.
  • Basic request window.
  • Execution window.
  • Curl window.

Authorization data

The following data must be provided to successfully obtain OAuth access data:
  • Authorization URL; authorization URL address of authentication provider; can contain optional query string with additional authorization parameters like 'response_type, 'scope', etc.
  • Client id; client id provided by authentication provider.
  • Client secret; client secret provided by authentication provider.
  • Redirect URL; URL address to which authentication provider should redirect after user successfully authenticates and gives necessary permissions. This address must exactly match redirect URL specified with authentication provider.
  • URL to exchange authorization code for tokens; URL address provided by authentication provider where obtained authorization code can be exchanged for tokens.
Important
It is recommended that you store the necessary OAuth authorization data in project properties (Authentication tab); if authorization data is stored in a project, it will be automatically used and you won't have to specify it every time you wish to obtain new OAuth access data.
Important
You must include offline_access scope value in authorization URL to successfully obtain refresh token value during the OAuth procedure.

Obtaining OAuth access data

To obtain OAuth access data, click the corresponding button. Login page will be displayed where you will have to log in and give necessary permissions. If OAuth access data was successfully obtained, it will be displayed at the bottom of the window. You can copy the desired data to Clipboard or click OK button to temporarily stored them in currently open project (note that stored OAuth access data is lost when the project is closed).
Important
If you would like to set or change these values manually, you can open separate window with the menu Manually Set OAuth Access Data.
Important
HttpMaster uses Microsoft WebView2 to render HTML during the login process, so WebView2 runtime must be installed on your local machine. The majority of Windows machines already have WebView2 runtime installed as a part of Windows Update. If you do not have this runtime installed, you can download it from the following location.
Please note that it is not sufficient to have Microsoft Edge web browser installed; WebView2 requires a separate runtime as described above.

Using obtained OAuth access data

If you have stored OAuth access data in currently open project (see previous section), you can include it in every request item that belongs to the project. Data can be used in:
  • Request item URL.
  • Request item body.
  • Request item header.
To use obtained authorization code, utilize global variable hm-authorization-code in any of the relevant request item properties. To use obtained access token, utilize global variable hm-access-token in any of the relevant request item properties. To use obtained refresh token, utilize global variable hm-refresh-token in any of the relevant request item properties. All variables must be enclosed in curly braces when used.
Examples
http://www.example.com?code={hm-authorization-code}
http://www.example.com?token={hm-access-token}
http://www.example.com?token={hm-refresh-token}
During the execution, all occurrences of the variable will be replaced with the obtained OAuth value.

For a step by step tutorial for obtaining OAuth access data, see the corresponding topic in How to section.

Copyright © by Borvid. All rights reserved.