Get Access Token
Collection: 0-WiseSso · Requests: 5
Overview
This collection logs you in to WEDA using a 5-step SSO flow and stores your accessToken in the environment. Every other collection depends on this token, so always run 0-WiseSso first.
Postman handles all the cookie management and redirect parsing automatically — you just run the requests in order.
Prerequisites
- Before You Start completed:
weda-coreenvironment configured withlogin,password,domain, andssoBaseUrl - Postman cookies cleared (recommended before each new session)
Auto-captured Variables
After this collection completes, the following variables are automatically set in your environment:
| Variable | Description |
|---|---|
accessToken | Bearer token required by all subsequent collections |
refreshToken | Used to renew accessToken without repeating the full SSO flow |
tenantId | Your WEDA tenant ID, extracted from the SSO redirect |
Steps
Run each request in order. Do not skip any.
1. External Login 302
Initializes the SSO session and establishes the login context.
- Script: pre-request clears cookies; post-request extracts
tenantId,client_id, andredirect_urifrom the 302 Location header - Result:
302 Found
2. Account Login
Submits your credentials using {{login}}, {{password}}, and {{tenantId}} from your environment — verify these are populated before sending.
- Script: post-request captures the
Identity.Permissionsession cookie - Result:
200 OK— response body contains your user profile (name, email, roles)
3. External Login 200
Completes the tenant-aware login return flow and retrieves the OIDC authorization data.
- Script: post-request parses the HTML body to extract
form_action,code,state, andiss— no action needed - Result:
200 OK
4. Signin Oidc
Completes the OIDC sign-in using the data extracted in the previous step.
- Script: URL set to
{{form_action}}; post-request captures theAdvOidc.Logincookie - Result:
302 Found
5. WEDA Token
Exchanges the established session cookies for a WEDA bearer token. No request body required — the call relies entirely on the cookies set in steps 1–4.
- API: Create JWT Access Token
- Script: post-request saves
accessToken,refreshToken,expiresIn, andtokenTypeto the environment - Result:
201 Created
{
"accessToken": "eyJ...",
"refreshToken": "30a8...",
"expiresIn": 7200,
"tokenType": "Bearer"
}
accessToken is valid for 2 hours (expiresIn: 7200). If it expires while you are working, run the Token Refresh request in Collection 2 to get a new token — you do not need to repeat the full SSO flow.
Related
- For API details and developer reference: Authentication