@dsolovay
Last active October 1, 2023 23:03
Enable Token Requests for Sitecore ID server
services:
  id:
    volumes:
      - type: bind
        source: .\id-config
        target: c:\identity\sitecoreruntime\Production\Config
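
function Get-Token {
    # Request an access token from the Sitecore Identity Server using the
    # password grant of the postman-api client defined in the patch file.
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Content-Type", "application/x-www-form-urlencoded")
    $headers.Add("Accept", "application/json")
    # Form-encoded body: %5C is the backslash in sitecore\admin, %20 separates the scopes.
    $body = "password=b&grant_type=password&username=sitecore%5Cadmin&client_id=postman-api&scope=openid%20sitecore.profile%20sitecore.profile.api"
    $response = Invoke-RestMethod 'https://xm1id.localhost/connect/token' -Method 'POST' -Headers $headers -Body $body
    # Print the whole token response as JSON.
    $response | ConvertTo-Json
}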

<Settings>
  <Sitecore>
    <IdentityServer>
      <Clients>
        <PostmanClient>
          <ClientId>postman-api</ClientId>
          <ClientName>Postman API</ClientName>
          <AccessTokenType>0</AccessTokenType>
          <AllowOfflineAccess>true</AllowOfflineAccess>
          <AlwaysIncludeUserClaimsInIdToken>false</AlwaysIncludeUserClaimsInIdToken>
          <AccessTokenLifetimeInSeconds>3600</AccessTokenLifetimeInSeconds>
          <IdentityTokenLifetimeInSeconds>3600</IdentityTokenLifetimeInSeconds>
          <AllowAccessTokensViaBrowser>true</AllowAccessTokensViaBrowser>
          <RequireConsent>false</RequireConsent>
          <RequireClientSecret>false</RequireClientSecret>
          <AllowedGrantTypes>
            <AllowedGrantType1>password</AllowedGrantType1>
          </AllowedGrantTypes>
          <RedirectUris>
            <RedirectUri1>{AllowedCorsOrigin}/oauth2/callback</RedirectUri1>
          </RedirectUris>
          <PostLogoutRedirectUris>
            <PostLogoutRedirectUri1>{AllowedCorsOrigin}</PostLogoutRedirectUri1>
          </PostLogoutRedirectUris>
          <AllowedCorsOrigins>
            <AllowedCorsOrigins1>https://www.getpostman.com</AllowedCorsOrigins1>
          </AllowedCorsOrigins>
          <AllowedScopes>
            <!-- Scopes documented here:
            https://doc.sitecore.com/xp/en/developers/103/sitecore-experience-manager/use-bearer-tokens-in-client-applications.html -->
            <AllowedScope1>openid</AllowedScope1>
            <AllowedScope2>sitecore.profile</AllowedScope2>
            <AllowedScope3>sitecore.profile.api</AllowedScope3>
          </AllowedScopes>
          <UpdateAccessTokenClaimsOnRefresh>true</UpdateAccessTokenClaimsOnRefresh>
        </PostmanClient>
      </Clients>
    </IdentityServer>
  </Sitecore>
</Settings>

{
  "info": {
    "_postman_id": "d5816c17-9c4b-4a0f-8b78-beb5ea07e3ae",
    "name": "Sitecore GraphQL",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
    "_exporter_id": "0"
  },
  "item": [
    {
      "name": "GetToken",
      "event": [
        {
          "listen": "test",
          "script": {
            "exec": [
              "var jsonData = JSON.parse(responseBody);",
              "",
              "postman.setGlobalVariable(\"SitecoreIdToken\", \"Bearer \" + jsonData.access_token);",
              ""
            ],
            "type": "text/javascript"
          }
        }
      ],
      "request": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/x-www-form-urlencoded"
          },
          {
            "key": "Accept",
            "value": "application/json"
          }
        ],
        "body": {
          "mode": "urlencoded",
          "urlencoded": [
            {
              "key": "password",
              "value": "{{SitecoreIdServerPassword}}",
              "type": "text"
            },
            {
              "key": "grant_type",
              "value": "password",
              "type": "text"
            },
            {
              "key": "username",
              "value": "{{SitecoreIdServerUserName}}",
              "type": "text"
            },
            {
              "key": "client_id",
              "value": "postman-api",
              "type": "text"
            },
            {
              "key": "scope",
              "value": "openid sitecore.profile sitecore.profile.api",
              "type": "text"
            }
          ]
        },
        "url": {
          "raw": "{{SitecoreIdServerHost}}/connect/token",
          "host": [
            "{{SitecoreIdServerHost}}"
          ],
          "path": [
            "connect",
            "token"
          ]
        }
      },
      "response": []
    }
  ],
  "event": [
    {
      "listen": "prerequest",
      "script": {
        "type": "text/javascript",
        "exec": [
          ""
        ]
      }
    },
    {
      "listen": "test",
      "script": {
        "type": "text/javascript",
        "exec": [
          ""
        ]
      }
    }
  ],
  "variable": [
    {
      "key": "SitecoreIdServerHost",
      "value": "https://xp0identityserver.dev.local",
      "type": "string"
    },
    {
      "key": "SitecoreIdServerUserName",
      "value": "sitecore\\admin",
      "type": "string"
    },
    {
      "key": "SitecoreIdServerPassword",
      "value": "b",
      "type": "string"
    }
  ]
}

dsolovay commented Oct 1, 2023

This gist contains:

  • A Sitecore Identity patch file (to be placed in a folder "id-config")
  • A docker-compose-override.yml to patch this into the identity server.
  • A Postman configuration to allow accessing this
  • A sample PowerShell function

See http://www.dansolovay.com/2023/01/using-postman-to-authenticate-to-graphql.html for background on this approach. The config has been slightly revised to allow docker deployment (addition of <settings>/<sitecore> nesting).

This is an alternative to the step described here: https://doc.sitecore.com/xp/en/developers/103/sitecore-experience-manager/walkthrough--enabling-and-authorizing-requests-to-the-authoring-and-management-api.html:

Configure a controller that retrieves a Bearer type access token from the Sitecore Identity Server.

which seems like overkill for local discovery efforts.
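
The patch above registers a client that accepts the password grant and requires no client secret, which the comment scopes to local discovery. As an added example (not part of the gist and not Sitecore's code), the following lists every client in a patch that carries those local-only settings, so an `id-config` folder can be checked before it is mounted anywhere else. The function names and the trimmed sample are assumptions made for the illustration.

```powershell
# Added example, not part of the gist. $sample is constructed from the
# PostmanClient element above, trimmed to the settings that are checked.
$sample = @'
<Settings><Sitecore><IdentityServer><Clients>
  <PostmanClient>
    <ClientId>postman-api</ClientId>
    <AllowOfflineAccess>true</AllowOfflineAccess>
    <AllowAccessTokensViaBrowser>true</AllowAccessTokensViaBrowser>
    <RequireClientSecret>false</RequireClientSecret>
    <AllowedGrantTypes>
      <AllowedGrantType1>password</AllowedGrantType1>
    </AllowedGrantTypes>
  </PostmanClient>
</Clients></IdentityServer></Sitecore></Settings>
'@

# Hypothetical helper: text of a direct child element, or nothing if it is absent.
function Get-ClientSetting([System.Xml.XmlNode]$Client, [string]$Name) {
    $node = $Client.SelectSingleNode($Name)
    if ($null -ne $node) { $node.InnerText.Trim() }
}

# Hypothetical function: emits one object per local-only setting found in a patch.
function Test-IdentityClientPatch {
    param([Parameter(Mandatory)][xml]$Patch)

    # XPath is case-sensitive; this matches the element casing used in the gist.
    foreach ($client in $Patch.SelectNodes('/Settings/Sitecore/IdentityServer/Clients/*')) {
        $id     = Get-ClientSetting $client 'ClientId'
        $grants = @($client.SelectNodes('AllowedGrantTypes/*') | ForEach-Object { $_.InnerText.Trim() })
        $checks = [ordered]@{
            'AllowedGrantTypes=password'       = $grants -contains 'password'
            'RequireClientSecret=false'        = (Get-ClientSetting $client 'RequireClientSecret') -eq 'false'
            'AllowOfflineAccess=true'          = (Get-ClientSetting $client 'AllowOfflineAccess') -eq 'true'
            'AllowAccessTokensViaBrowser=true' = (Get-ClientSetting $client 'AllowAccessTokensViaBrowser') -eq 'true'
        }
        foreach ($name in $checks.Keys) {
            if ($checks[$name]) { [pscustomobject]@{ Client = $id; Setting = $name } }
        }
    }
}

Test-IdentityClientPatch -Patch $sample | Format-Table -AutoSize
```

To check real files, pass `[xml](Get-Content <file> -Raw)` for each patch file under `.\id-config` instead of `$sample`.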
