oauth2 pkce auth code flow support? #107

Open
ChrisMeeusen opened this issue May 22, 2023 · 2 comments

ChrisMeeusen commented May 22, 2023

Does this library support auth code flow with pkce? I'm getting generated tests that look like this:

postman[Symbol.for("define")]({
  name: "admin user",
  id: "6a08afa4-c3ee-4f6b-a2cf-549a12ef119e",
  method: "GET",
  address: "{{mde-base-url}}/admin/user",
  post(response) {
    pm.test("Status code is 200", function() {
      pm.response.to.have.status(200);
    });
  },
  auth(config, Var) {
    config.headers.Authorization = "Bearer undefined";
  }
});

My collection configuration looks like this:

"name": "admin user",
	"event": [
			{
				"listen": "test",
				"script": {
					"exec": [
						"pm.test(\"Status code is 200\", function () {\r",
						"    pm.response.to.have.status(200);\r",
						"});\r",
							""
					],
					"type": "text/javascript"
				}
			}
		],
		"request": {
			"auth": {
				"type": "oauth2",
				"oauth2": [
					{
						"key": "refreshRequestParams",
						"value": [
							{
								"key": "origin",
								"value": "http://localhost:8080",
								"enabled": true,
								"send_as": "request_header"
							}
						],
						"type": "any"
					},
					{
						"key": "tokenRequestParams",
						"value": [
							{
								"key": "client_id",
								"value": "{{clienId}}",
								"enabled": true,
								"send_as": "request_body"
							},
							{
								"key": "origin",
								"value": "http://localhost:8080",
								"enabled": true,
								"send_as": "request_header"
							}
						],
						"type": "any"
					},
					{
						"key": "scope",
						"value": "api://mde-api-nonprod.mayo.edu/api.use",
						"type": "string"
					},
					{
						"key": "clientId",
						"value": "{{clientId}}",
						"type": "string"
					},
					{
						"key": "redirect_uri",
						"value": "http://localhost:8080",
						"type": "string"
					},
					{
						"key": "tokenName",
						"value": "AAD MDE-nonprod",
						"type": "string"
					},
					{
						"key": "useBrowser",
						"value": false,
						"type": "boolean"
					},
					{
						"key": "authUrl",
						"value": "https://login.microsoftonline.com/{{aad-tenant}}/oauth2/v2.0/authorize",
						"type": "string"
					},
					{
						"key": "accessTokenUrl",
						"value": "https://login.microsoftonline.com/{{aad-tenant}}/oauth2/v2.0/token",
						"type": "string"
					},
					{
						"key": "grant_type",
						"value": "authorization_code_with_pkce",
						"type": "string"
					},
					{
						"key": "addTokenTo",
						"value": "header",
						"type": "string"
					}
				]
			},

I can use this auth configuration in Postman and it pops open a window for me to authenticate in, but I assume that's not possible in k6... is that why this isn't working?

ChrisMeeusen changed the title from "oauth2 support?" to "oauth2 pkce auth code flow support?" on May 22, 2023

thim81 (Collaborator) commented Oct 17, 2023

Hi @ChrisMeeusen

It does not seem currently supported. We will run some tests to see if that would work or what is missing.

thim81 (Collaborator) commented Oct 17, 2023

As a work-around, I would simplify the Postman requests only using a token and have a separate JS script doing the OAuth2 flow to fetch the token, which can be used in the Postman collection.
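
One way to write the PKCE part of the separate token script mentioned in the comment above, as an added example that is not part of the original thread and is not code from the project. It follows RFC 7636 in Node.js; the function names, the `cfg` object and its placeholder values are assumptions, and the interactive browser sign-in that sits between the two requests is not shown.

```javascript
// Added example: PKCE (RFC 7636) pieces of an authorization-code flow in Node.js.
const crypto = require("crypto");

// Constructed configuration; placeholders stand in for the real tenant, client and scope.
const cfg = {
  authUrl: "https://login.microsoftonline.com/TENANT_PLACEHOLDER/oauth2/v2.0/authorize",
  accessTokenUrl: "https://login.microsoftonline.com/TENANT_PLACEHOLDER/oauth2/v2.0/token",
  clientId: "CLIENT_ID_PLACEHOLDER",
  redirectUri: "http://localhost:8080",
  scope: "api://example-api/api.use",
};

// code_verifier: 32 random bytes, base64url without padding (43 chars; RFC allows 43-128).
function makeVerifier() {
  return crypto.randomBytes(32).toString("base64url");
}

// code_challenge for method S256: BASE64URL(SHA256(ASCII(code_verifier))).
function challengeFor(verifier) {
  return crypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// URL the user opens in a browser. Only the challenge is sent; the verifier stays local.
function authorizeUrl(c, challenge, state) {
  const u = new URL(c.authUrl);
  const q = { response_type: "code", client_id: c.clientId, redirect_uri: c.redirectUri,
    scope: c.scope, state, code_challenge: challenge, code_challenge_method: "S256" };
  for (const [k, v] of Object.entries(q)) u.searchParams.set(k, v);
  return u.toString();
}

// Token request made once the redirect has delivered `code`. On the wire the grant type is
// authorization_code; PKCE adds code_verifier. Origin mirrors the header in the collection.
function tokenRequest(c, code, verifier) {
  const body = new URLSearchParams({ grant_type: "authorization_code", code,
    client_id: c.clientId, redirect_uri: c.redirectUri, code_verifier: verifier });
  return {
    url: c.accessTokenUrl,
    headers: { "Content-Type": "application/x-www-form-urlencoded", Origin: c.redirectUri },
    body: body.toString(),
  };
}

// Demo with constructed values: print the sign-in URL for a fresh verifier and state.
const verifier = makeVerifier();
console.log(authorizeUrl(cfg, challengeFor(verifier), crypto.randomUUID()));
console.log(tokenRequest(cfg, "CODE_FROM_REDIRECT", verifier).body);
```

The `access_token` field of the token response is what the simplified collection would carry as its bearer token, in place of the `Bearer undefined` value in the generated script.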
