I'm trying to post this in forum 'invalid_client', but it says I am not allowed to post links??
READ THIS (it will probably save you about 11 and half hours)
So, I just spent 12 hours yesterday trying to connect POSTMAN to the Panopto API, before succeeding (yay!) and thought I would like to try and save others from that pain. I admit that I have a lack of experience in OAuth2, although I have worked with postman quite a bit before.
watch this youtube video 'How to set up Oauth2 in PostMan' by 'DAIMTO Developer Tips' this will show you which settings you need in POSTMAN to connect using OAuth2 and which you don't.
In POSTMAN in the OAuth2 options select the checkbox to validate using browser. This will automatically put the POSTMAN call-back as the call-back in the box above the checkbox. Copy this call-back url go to where you added your Panopto client, and got your Client Secret, and add this call-back URL
for a long time I was getting 'invalid_scope' the Panopto documentation says set 'API' as the scope. This gave me a perpetual 'invalid_scope' error. After a lot of reading other people's posts I ended up trying 'api' (so just lowercase not upper case) and the 'invalid_scope' error went away.
Then I started to get 'invalid_client' errors. For a while I was offended by this as, I was the client after all, until I realised I wasn't the client it was talking about, it meant the browser I was using. After first getting a new Client Secret (well worth doing even if you think it is correct) I originally copied and pasted it, but I think it converted it to Uri somehow and made it wrong. Then after trying to get a token for some time, the browser was saying 'Success' but kept failing with 'invalid_client', I realised that the browser was trying to open a pop-up to give me my token. In this day and age, when everybody has pop-ups disabled and locked down etc. I don't know why Panopto are still doing it this way. But anyway, I found that my default browser was Internet Explorer, tried enabling pop-ups, clearing cookies, logging back on, then getting a token again, but it wouldn't play ball. I tried Microsoft Edge, did all that again, got an additional message 'do you really want to allow this pop-up' (YES!, YES,! YES! #!'@@##!) but still it failed. So I tried all that again in Google Chrome, got the additional 'do you really want to allow this pop-up' (YUP!) and it worked!
I've just saved you from a nervous breakdown. There is no Charge.
All the best, Phil Holmes
(Business Applications Manager - RCM).