Access Management 7.3.2

ForgeRock grant flows collection

ForgeRock provides an OAuth 2.0 and OpenID Connect Postman collection to try out the flows that AM support. The source for the REST calls, including the prerequisites needed to run the collection, is provided as a downloadable JSON file collection.

  1. Download and install Postman.

  2. Download the ForgeRock OAuth 2.0 and OpenID Connect Collection.

  3. Import the collection in Postman:

    • Go to File > Import …​ > Upload Files.

    • Select the collection you downloaded, and click Open. Then, click Import.

  4. Configure the collection’s variables to suit your environment:

    • In Postman, on the Collections tab, select the ForgeRock OAuth 2.0 and OpenID Connect Collection. Click the …​ button, and then on Edit.

    • Click on the Variables tab, and change at least the value of the following variables:

      • URL_base

      • admin_password

    • Click Update to save your changes.

      You are ready to start running the collection.

The collection is divided into the following folders:

  • Prerequisites, containing REST calls to configure AM as an authorization server, and to create the clients and users required to run the collection.

  • OAuth 2.0 Flows, containing the flows explained in OAuth 2.0 grant flows.

  • OpenID Connect Flows, containing the flows explained in OpenID Connect grant flows.

    The Backchannel (CIBA) grant is not included, since it requires push notifications and an additional device to work.

  • Refresh Token Flow, containing calls explained in Refresh tokens and /oauth2/token/revoke.

  • Token Exchange Flows, containing the token exchange flows explained in Token exchange.