# Test IAS with Postman

Here is a guide on how you can verify and test your client configuration using [Postman](https://www.postman.com/).

{% hint style="info" %}
Before you start, download our example Postman collection.

{% file src="/files/enucSfN84ZaEIyhpKfLm" %}
Example Postman Collection
{% endfile %}
{% endhint %}

## Step 1 - Navigate to the collection settings

After you have imported the example collection, click the collection name in the collection list to open the settings.

![Step1](/files/6cII03p5s3oKJTnTzuVV)

## Step 2 - Fill in your variables details

Next, fill in your client-specific details in the collection variables. Click the *Variables* tab, fill in the following details, and remember to save:

* `CLIENT_ID`
* `CLIENT_SECRET`
* `REDIRECT_URI`

{% hint style="info" %}
If you are using Postman Cloud to sync your work or share it with your teammates, you should protect your `CLIENT_SECRET`. If you set only the **CURRENT VALUE**, the value is not synchronized to Postman's cloud.
{% endhint %}

![Step2](/files/vombXFlmbVDOKRgQOr8R)

{% hint style="warning" %}
Remember to save your collection when you have updated the values.
{% endhint %}

## Step 3 - Get New Access Token

Now you should be able to get a new access token in Postman. Click the *Authorization* tab to open the authorization view. Everything should already be configured using the variables.

Here you can update the *Scope* input if you want to test the client's access to specific scopes, but you should always include the `openid` and `profile` scopes. For example, to test whether the client is configured for offline access, you could add the `offline_access` scope so the value would be `openid profile offline_access`.

{% hint style="info" %}
We recommend using [PKCE](https://datatracker.ietf.org/doc/html/rfc7636) even if you are using a confidential client with a secret. PKCE improves security by preventing CSRF and authorization code injection attacks.
{% endhint %}

![Step3](/files/8icXjw9A4wYlxv7CNcAE)

## Step 4 - Authenticate

After you click the `Get New Access Token` button, Postman opens a dialog. If the client configuration is valid, you should see the login screen where you can log in.

If you see an error message, check the [Troubleshooting](#troubleshooting) section for more details.

![Step4](/files/RbXXtRu9IIYyR5CJpDdO)

## Step 5 - Receive tokens

If you authenticate successfully you should see the *Manage Access Tokens* dialog with your new tokens 🎉\
You can use <https://jwt.io/> to decode the tokens and view which claims they contain.

![Step5](/files/3buDgxubZkkdcQOpI81P)
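
The same decoding can be done locally in Node.js, which also lets you compare the granted scopes with the *Scope* value you requested in Step 3. This is an added example, not part of the IAS documentation or the example collection; the sample token, the shape of the `scope` claim and all function names are assumptions made for illustration.

```javascript
// Decode one base64url-encoded JWT segment into an object.
function decodeSegment(segment) {
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

// Split a compact JWT and decode its header and payload.
// This only reads the claims; it does NOT verify the signature.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return { header: decodeSegment(parts[0]), payload: decodeSegment(parts[1]) };
}

// Assumption: the scope claim may be a space-delimited string or an array.
// The page does not say which form IAS issues, so both are handled.
function grantedScopes(payload) {
  if (Array.isArray(payload.scope)) return payload.scope;
  return typeof payload.scope === 'string' ? payload.scope.split(' ').filter(Boolean) : [];
}

// Compare the scopes requested in Postman with what the token carries,
// and report whether the token has already expired.
function checkToken(token, requestedScope, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { payload } = decodeJwt(token);
  const granted = grantedScopes(payload);
  const missing = requestedScope.split(' ').filter((s) => s && !granted.includes(s));
  const expired = typeof payload.exp === 'number' && payload.exp <= nowSeconds;
  return { granted, missing, expired };
}

// Constructed sample token (placeholder signature, made-up claims).
const encodeSegment = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleToken = [
  encodeSegment({ alg: 'RS256', typ: 'JWT' }),
  encodeSegment({ client_id: 'example-client', scope: ['openid', 'profile'], exp: 2000000000 }),
  'constructed-signature',
].join('.');

console.log(checkToken(sampleToken, 'openid profile offline_access', 1700000000));
```

A non-empty `missing` list means the token was issued without a scope you asked for.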

## 🐞 Troubleshooting

Here are the most common errors when testing the client configuration.

### invalid\_request - Invalid Redirect URI

When you see the message `invalid_request`, the most common cause is that the *Redirect URI* provided is not registered as an allowed URI in the client definition in the IAS.

You can edit the list of allowed URIs in the IAS admin portal under Application>Application URLs>Callback URL.

{% hint style="warning" %}
The *Redirect URI* is case-sensitive, and a trailing slash makes a difference.
{% endhint %}

![InvalidRedirectUri](/files/GnDC7JwrIlAWWAfHD0NH)
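
To find out which of these differences is behind an `invalid_request`, you can compare your `REDIRECT_URI` with the registered callback URLs offline. This is an added example, not part of the IAS documentation; it assumes the exact string comparison the warning above describes, and the URIs and function names are constructed for illustration.

```javascript
// Remove trailing slashes so two URIs can be compared without them.
const stripSlash = (uri) => uri.replace(/\/+$/, '');

// Returns whether `configured` would match one of the `registered` URIs
// exactly, and if not, which near-miss explains the mismatch.
function diagnoseRedirectUri(configured, registered) {
  if (registered.includes(configured)) {
    return { match: true, reason: 'exact', candidate: configured };
  }
  const nearMisses = [
    ['case', (a, b) => a.toLowerCase() === b.toLowerCase()],
    ['trailing-slash', (a, b) => stripSlash(a) === stripSlash(b)],
    ['case+trailing-slash',
      (a, b) => stripSlash(a).toLowerCase() === stripSlash(b).toLowerCase()],
  ];
  for (const [reason, same] of nearMisses) {
    const candidate = registered.find((r) => same(configured, r));
    if (candidate) return { match: false, reason, candidate };
  }
  return { match: false, reason: 'not-registered', candidate: null };
}

// Constructed sample data: the callback URLs as copied from the admin portal.
const registeredUris = [
  'https://app.example.test/signin-oidc',
  'https://tools.example.test/callback',
];

for (const uri of [
  'https://app.example.test/signin-oidc',
  'https://app.example.test/signin-oidc/',
  'https://app.example.test/Signin-OIDC',
  'https://other.example.test/cb',
]) {
  console.log(uri, '->', diagnoseRedirectUri(uri, registeredUris).reason);
}
```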

### invalid\_scope - Invalid Client Scope

When you see the message `invalid_scope`, one or more scopes in the *Scope* input either do not exist or have not yet been granted to the client.

You can view and edit the list of scopes granted to a client in the IAS admin portal under Application>Permissions.

![InvalidScope](/files/6bx3hGMPG49t4IGFNZbT)

### unauthorized\_client - Invalid Client ID

When you see the message `unauthorized_client`, the most common cause is that the *Client ID* is invalid.

Please verify that your configured *Client ID* matches the *Client ID* shown in the IAS admin portal, and make sure that you are connecting to the correct IAS environment.

![InvalidClientId](/files/GGoHOorQA46QySjviFEk)

### Authentication failed - Invalid Client Secret

When you see an error message from Postman saying that the authentication failed, and you find the message `Error: invalid_client` in the Postman Console, the most common cause is that the *Client Secret* is invalid.

Please verify that your configured *Client Secret* matches the *Client Secret* shown in the IAS admin portal. Note that Postman does not URL-encode client secrets before sending them, so try manually URL-encoding your secret before entering it into Postman.

![InvalidClientSecret](/files/TsQFvvM6oh6pufbwew8w)
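
The effect of the missing URL encoding can be reproduced offline. This is an added example, not part of the IAS documentation; it assumes the token endpoint decodes Basic credentials as RFC 6749 section 2.3.1 describes, and the client ID, secret and function names are constructed for illustration.

```javascript
// Percent-encode a credential the way RFC 6749 section 2.3.1 expects
// before it is placed in the Basic header.
function formEncode(value) {
  return encodeURIComponent(value).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Server-side decoding: "+" means space and %XX is an encoded byte.
// Returns null when the value is not valid percent-encoding.
function formDecode(value) {
  try {
    return decodeURIComponent(value.replace(/\+/g, ' '));
  } catch (err) {
    return null;
  }
}

// Build the Authorization header from whatever was typed into Postman.
function basicHeader(clientId, clientSecret) {
  return 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
}

// Simulated token endpoint (assumption): base64-decode, split on the first
// colon, then form-decode the secret before comparing it.
function secretSeenByServer(header) {
  const decoded = Buffer.from(header.slice('Basic '.length), 'base64').toString('utf8');
  return formDecode(decoded.slice(decoded.indexOf(':') + 1));
}

// True when a secret can be entered as-is because decoding leaves it unchanged.
function survivesUnencoded(secret) {
  return formDecode(secret) === secret;
}

const SAMPLE_CLIENT_ID = 'example-client';   // constructed value
const SAMPLE_CLIENT_SECRET = 'p+ss%2Fw0rd=='; // constructed value

const rawHeader = basicHeader(SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET);
const encodedHeader = basicHeader(SAMPLE_CLIENT_ID, formEncode(SAMPLE_CLIENT_SECRET));
console.log('entered raw     ->', secretSeenByServer(rawHeader));
console.log('entered encoded ->', secretSeenByServer(encodedHeader));
```

Under this assumption only secrets containing `+` or `%` change when entered raw; the encoded form is what `formEncode` returns.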

