Hi Aviv
It is correct that all access tokens have a brief usable lifetime (currently one hour) after which they expire. To continue accessing that user's data the app should obtain a new access token using the refresh token that was issued alongside the previously issued access token. Please review our post Tip: Generating long living oauth2 tokens if you haven't already and let us know if you have any specific questions or concerns.
For anyone else encountering this error when attempting to obtain an access token from Postman via the embedded browser - a helpful workaround can be to use Postman to construct your authorization URL (see attached screenshot for an example). Your authorization URL can then be pasted in a browser to obtain an access token. Authorizing in a dedicated browser window, you should be able to authenticate without the error you are encountering in the embedded Postman browser. This seems to only be an issue if your Lucid account's admin settings enforce SAML SSO as the only allowed Sign-on Method.
It is my understanding that manual intervention will always be required for accounts that enforce SAML authentication for all users, though I will connect with our development team to see how your issue can be specifically addressed. I will get back to you. Thank you for your patience!
Hi Richard
Thank you for your response. I've tried what you suggested and received a "200 OK" response as broken HTML.
Hello Aviv
To reiterate Richard's response, once you have an access token with the "offline_access" scope, you can use the https://lucid.readme.io/reference/refreshing-the-access-token flow to perpetually update the token without manual intervention.
As for your original question, I might be misunderstanding, but I believe the issue you are encountering is that when using the Postman OAuth2 flow you have to provide the "redirect_uri" that corresponds to the Postman client you are using.
For example, in this tutorial (https://learning.postman.com/docs/sending-requests/authorization/#oauth-20) they suggest "https://oauth.pstmn.io/v1/browser-callback". When using the Postman client, I believe it's a bit different but similar.
One other thing I noticed: in the screenshot you have the scope as "lucidchart.account.user". That scope is "account.user". This would cause an error to return after authenticating, so that could also be causing your issue.
Let me know if neither of these addresses your underlying concern.
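
The three things this thread points at (the "redirect_uri" value, the scope name, and the "offline_access" scope) can be checked on an authorization URL before it is pasted into a browser. The following is an added example, not code from the thread or from Lucid: the function name, the placeholder host and client_id, and the allowed-scope set passed in by the caller are all assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Postman browser callback quoted in the thread.
POSTMAN_CALLBACK = "https://oauth.pstmn.io/v1/browser-callback"


def check_authorization_url(url, expected_redirect_uri, allowed_scopes):
    """Return a list of findings for an OAuth2 authorization URL.

    allowed_scopes is the set of scope names the caller intends to request;
    it is supplied by the caller, not taken from Lucid's documentation.
    """
    findings = []
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)

    # redirect_uri must equal the expected value exactly (no prefix match).
    redirect = params.get("redirect_uri", [])
    if len(redirect) != 1:
        findings.append("redirect_uri must appear exactly once")
    elif redirect[0] != expected_redirect_uri:
        findings.append(f"redirect_uri mismatch: {redirect[0]!r}")

    # Scopes are space-delimited inside the 'scope' parameter.
    scopes = " ".join(params.get("scope", [])).split()
    for scope in scopes:
        if scope in allowed_scopes:
            continue
        # Hint when a prefix was added to an otherwise expected name, as with
        # "lucidchart.account.user" vs "account.user" in the thread.
        suffix = scope.split(".", 1)[-1]
        hint = f" (did you mean {suffix!r}?)" if suffix in allowed_scopes else ""
        findings.append(f"unexpected scope {scope!r}{hint}")

    # The thread ties the refresh-token flow to the offline_access scope.
    if "offline_access" not in scopes:
        findings.append("offline_access not requested: token cannot be refreshed")
    return findings


# Constructed sample URLs; the host and client_id are placeholders.
BASE = "https://auth.example.test/oauth2/authorize?response_type=code&client_id=PLACEHOLDER"
BAD_URL = BASE + "&redirect_uri=https%3A%2F%2Foauth.pstmn.io%2Fv1%2Fcallback&scope=lucidchart.account.user"
GOOD_URL = BASE + "&redirect_uri=https%3A%2F%2Foauth.pstmn.io%2Fv1%2Fbrowser-callback&scope=account.user+offline_access"
ALLOWED = {"account.user", "offline_access"}

if __name__ == "__main__":
    for name, url in (("bad", BAD_URL), ("good", GOOD_URL)):
        print(name, check_authorization_url(url, POSTMAN_CALLBACK, ALLOWED))
```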