跳至主要内容

Get Access Token

Collection: 0-WiseSso  ·  Requests: 5

Overview

This collection logs you in to WEDA using a 5-step SSO flow and stores your accessToken in the environment. Every other collection depends on this token, so always run 0-WiseSso first.

Postman handles all the cookie management and redirect parsing automatically — you just run the requests in order.


Prerequisites

  • Before You Start completed: weda-core environment configured with login, password, domain, and ssoBaseUrl
  • Postman cookies cleared (recommended before each new session)

Auto-captured Variables

After this collection completes, the following variables are automatically set in your environment:

VariableDescription
accessTokenBearer token required by all subsequent collections
refreshTokenUsed to renew accessToken without repeating the full SSO flow
tenantIdYour WEDA tenant ID, extracted from the SSO redirect

Steps

Run each request in order. Do not skip any.

1. External Login 302

Initializes the SSO session and establishes the login context.

  • Script: pre-request clears cookies; post-request extracts tenantId, client_id, and redirect_uri from the 302 Location header
  • Result: 302 Found

2. Account Login

Submits your credentials using {{login}}, {{password}}, and {{tenantId}} from your environment — verify these are populated before sending.

  • Script: post-request captures the Identity.Permission session cookie
  • Result: 200 OK — response body contains your user profile (name, email, roles)

3. External Login 200

Completes the tenant-aware login return flow and retrieves the OIDC authorization data.

  • Script: post-request parses the HTML body to extract form_action, code, state, and iss — no action needed
  • Result: 200 OK

4. Signin Oidc

Completes the OIDC sign-in using the data extracted in the previous step.

  • Script: URL set to {{form_action}}; post-request captures the AdvOidc.Login cookie
  • Result: 302 Found

5. WEDA Token

Exchanges the established session cookies for a WEDA bearer token. No request body required — the call relies entirely on the cookies set in steps 1–4.

  • API: Create JWT Access Token
  • Script: post-request saves accessToken, refreshToken, expiresIn, and tokenType to the environment
  • Result: 201 Created
{
"accessToken": "eyJ...",
"refreshToken": "30a8...",
"expiresIn": 7200,
"tokenType": "Bearer"
}
備註

accessToken is valid for 2 hours (expiresIn: 7200). If it expires while you are working, run the Token Refresh request in Collection 2 to get a new token — you do not need to repeat the full SSO flow.


Last updated on Jul-17, 2026 | Version 1.1.0