Test IAS with Postman

Here is a guide on how you can verify and test your client configuration using Postman.

Before you start, download our example Postman collection (example-test-auth.postman_collection.json).

Step 1 - Navigate to the collection settings

After you have imported the example collection, click the collection name in the collection list to open the settings.

Step 2 - Fill in your variables details

Next, fill in your client-specific details in the collection variables. Click the Variables tab, fill in the following details, and remember to save:

  • CLIENT_ID

  • CLIENT_SECRET

  • REDIRECT_URI

If you use Postman Cloud to sync your work or share it with your teammates, you should protect your CLIENT_SECRET. If you set only the CURRENT VALUE, the value is not synchronized to Postman's cloud.

Remember to save your collection when you have updated the values.

Step 3 - Get New Access Token

Now you should be able to get a new access token in Postman. Click the Authorization tab to open the authorization view. Everything should be configured using the variables.

Here you can update the Scope input if you want to test the client's access to specific scopes, but you should always include the openid and profile scopes. For example, to test whether the client is configured for offline access, you could add the offline_access scope so the value would be openid profile offline_access.

Step 4 - Authenticate

After you click the Get New Access Token button, Postman opens a dialog. If the client configuration is valid, you should see the login screen where you can log in.

Step 5 - Receive tokens

🐞 Troubleshooting

Here are the most common errors when testing the client configuration:

invalid_request - Invalid Redirect URI

When you see the message invalid_request, the most common cause is that the Redirect URI provided is not registered as an allowed URI in the client definition in the IAS.

You can edit the list of allowed URIs in the IAS admin portal under Application>Application URLs>Callback URL.

The Redirect URI is case-sensitive, and a trailing slash is significant.
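
The exact-match rule above can be checked before opening Postman. The following is an added example, not part of the IAS tooling: `diagnoseRedirectUri` and the sample URIs are hypothetical, and the `registered` list stands in for the Callback URL list copied from the IAS admin portal.

```javascript
// Added example: explain why a REDIRECT_URI fails an exact-match comparison.
// All URIs below are constructed sample values.

function sameHost(a, b) {
  try {
    return new URL(a).hostname === new URL(b).hostname;
  } catch {
    return false; // not an absolute URI (for example a typo), cannot compare
  }
}

function diagnoseRedirectUri(requested, registered) {
  if (registered.includes(requested)) {
    return { match: true, reason: 'exact match', candidate: requested };
  }
  const stripSlash = (u) => u.replace(/\/+$/, '');
  // Ordered from most to least specific so the first hit is the best hint.
  const checks = [
    ['differs only by trailing slash',
      (r) => stripSlash(r) === stripSlash(requested)],
    ['differs only by letter case',
      (r) => r.toLowerCase() === requested.toLowerCase()],
    ['differs by letter case and trailing slash',
      (r) => stripSlash(r).toLowerCase() === stripSlash(requested).toLowerCase()],
    ['same host, different scheme, port or path',
      (r) => sameHost(r, requested)],
  ];
  for (const [reason, test] of checks) {
    const candidate = registered.find(test);
    if (candidate !== undefined) return { match: false, reason, candidate };
  }
  return { match: false, reason: 'no similar registered URI', candidate: null };
}

// Constructed stand-in for the Callback URL list in the admin portal.
const SAMPLE_REGISTERED = [
  'https://app.example.test/callback',
  'https://app.example.test/signin-oidc',
];

for (const uri of [
  'https://app.example.test/callback',
  'https://app.example.test/callback/',
  'https://app.example.test/Callback',
  'http://app.example.test/callback',
]) {
  console.log(uri, '->', diagnoseRedirectUri(uri, SAMPLE_REGISTERED).reason);
}
```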

invalid_scope - Invalid Client Scope

When you see the message invalid_scope, one or more scopes in the Scope input either do not exist or have not yet been granted to the client.

You can view and edit the list of scopes granted to a client in the IAS admin portal under Application>Permissions.

unauthorized_client - Invalid Client ID

When you see the message unauthorized_client, the most common cause is that the Client ID is invalid.

Please verify that your configured Client ID matches the Client ID shown in the IAS admin portal and make sure that you are connecting to the correct IAS environment.

Authentication failed - Invalid Client Secret

When you see an error message from Postman that the authentication failed and you find the message Error: invalid_client in the Postman Console, the most common cause is that the Client Secret is invalid.

Please verify that your configured Client Secret matches the Client Secret shown in the IAS admin portal. Note that Postman does not URL-encode client secrets before sending them, so try manually URL-encoding your secret before entering it into Postman.
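
One way to do the manual URL-encoding, as an added example that is not part of the IAS or Postman tooling. It assumes the receiving side percent-decodes the secret; `encodeSecret`, `formDecode` and `checkSecret` are hypothetical helper names and the sample secrets are constructed.

```javascript
// Added example: percent-encode a CLIENT_SECRET before entering it in Postman.
// Every byte outside the RFC 3986 unreserved set becomes UTF-8 %XX, a form
// that both form decoders and plain percent-decoders read back unchanged.

const UNRESERVED = /^[A-Za-z0-9\-._~]$/;

function encodeSecret(secret) {
  let out = '';
  for (const byte of new TextEncoder().encode(secret)) {
    const ch = String.fromCharCode(byte);
    out += UNRESERVED.test(ch)
      ? ch
      : '%' + byte.toString(16).toUpperCase().padStart(2, '0');
  }
  return out;
}

// What a form-style decoder on the receiving side would make of `value`
// (assumption: '+' is read as a space and %XX sequences are decoded).
function formDecode(value) {
  try {
    return decodeURIComponent(value.replace(/\+/g, ' '));
  } catch {
    return null; // malformed %-sequence, the value cannot be decoded at all
  }
}

// Compare sending the secret raw with sending it encoded.
function checkSecret(secret) {
  const encoded = encodeSecret(secret);
  return {
    encoded,
    rawSurvives: formDecode(secret) === secret,
    encodedSurvives: formDecode(encoded) === secret,
  };
}

// Constructed sample secrets, not real credentials.
for (const sample of ['plain-Secret_123.~', 'aB+c/d=%41', '100%']) {
  console.log(JSON.stringify(sample), checkSecret(sample));
}
```

A secret for which `rawSurvives` is false is one that only authenticates after it has been encoded.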

We recommend using PKCE even though you are using a confidential client with a secret. PKCE improves security by preventing CSRF and authorization code injection attacks.
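
How PKCE ties an authorization code to the client that requested it, as an added example that is not IAS or Postman code. It follows the S256 method of RFC 7636; `redeemCode` only simulates the comparison a token endpoint makes, and its return strings are illustrative.

```javascript
// Added example: the PKCE (RFC 7636, S256) values behind an authorization
// code flow, and the comparison a token endpoint performs on them.
const { createHash, randomBytes } = require('node:crypto');

// Client side: a fresh high-entropy verifier for every authorization request.
function newCodeVerifier() {
  return randomBytes(32).toString('base64url'); // 43 unreserved characters
}

// Sent with the authorization request as code_challenge (method S256).
function codeChallenge(verifier) {
  return createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Server side (simulated): the challenge is stored with the issued code, and
// the token request must present the verifier that hashes to it.
function redeemCode(storedChallenge, presentedVerifier) {
  if (typeof presentedVerifier !== 'string' ||
      !/^[A-Za-z0-9\-._~]{43,128}$/.test(presentedVerifier)) {
    return 'rejected: missing or malformed code_verifier';
  }
  return codeChallenge(presentedVerifier) === storedChallenge
    ? 'accepted'
    : 'rejected: code_verifier does not match code_challenge';
}

const verifier = newCodeVerifier();
const challenge = codeChallenge(verifier);

// The client that started the flow holds the verifier.
console.log('original client  :', redeemCode(challenge, verifier));
// A code replayed into another session arrives without that verifier.
console.log('no verifier      :', redeemCode(challenge, undefined));
console.log('another verifier :', redeemCode(challenge, newCodeVerifier()));
```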

If you see an error message, check out the Troubleshooting section for more details.

If you authenticate successfully, you should see the Manage Access Tokens dialog with your new tokens 🎉 You can use https://jwt.io/ to decode the tokens and view which claims they contain.
