CODEWITHSUNDEEP
azureauthenticationoauth-2.0jmeterjmeter-plugins
Husain Khambaty
Husain Khambaty

Reputation: 751

How to do a OAuth 2.0 authentication in JMeter?

I'm trying to Functional test a few APIs that need to be authenticated (OAuth 2.0) and simulate this in JMeter.

I'm trying to authenticate the OAuth service for Azure cloud. Has anyone out there been able to successfully create JMeter HTTP requests to authenticate against OAuth 2.0?

Upvotes: 10

Views: 48528

Answers (2)

Vijay N
Vijay N

Reputation: 37

As a part of API Test automation, we did created native client ID, assign the required resources to native client.

All you need adal4j-1.6.X.jar

public static AuthenticationResult getAuthToken(String username, String password, 
String clientId, String authority, String tenant, String urii) throws Throwable {

    AuthenticationContext context = null;
    AuthenticationResult result = null;
    ExecutorService service = null;

    crypToUtil td= new crypToUtil();
    crypToUtil cryptoUtil = new crypToUtil(); 

    password = cryptoUtil.decrypt(password);

    try {

        service = Executors.newFixedThreadPool(1);
        context = new AuthenticationContext(authority + tenant + "/", true,service);
        Future<AuthenticationResult> future = context.acquireToken(urii, clientId, username, password,null);
        result = future.get();                

    } catch (ExecutionException | MalformedURLException e) {

        throw e.getCause();

    } finally {

        service.shutdown();

    }

    if (result == null) {

        throw new ServiceUnavailableException("authentication result was null, could be your input data were wrong ...");

    }

    return result;

}

Upvotes: 2

Dmitri T
Dmitri T

Reputation: 168092

Basically you need to add HTTP Header Manager to send Authorization header with the value of Bearer ${ACCESS_TOKEN} in order to make authenticated OAuth API calls.

Access token can be obtained in 2 major ways:

  1. Get it somehow (ask for it, capture it using sniffer tool and application which you need to simulate, etc), but be aware that OAuth access tokens have limited life span (1 hour by default, this applies to point 2 as well)

  2. Implement OAuth2 flow in your test, i.e. :

    • Authenticate (providing Client ID and Tenant ID)
    • Authorise (using Client ID and the code from the previous step)
    • Get Access token (providing Authorization code from previous step, code from first step, and Client ID

In regards to implementing option 2 - it will require 3 separate JMeter samplers (or alternatively you can get the access token programmatically via JSR223 Sampler)

References:

Upvotes: 11

Related Questions