Rest assured, how to extract generated token from response body after POST request and set it to header

Question

Performing any request, I need to perform Authentication with POST request with body {username:"somename", password:"somepass"}, header Content-Type:application.json which gives me a response with generated token, which I need to paste as a second header, smth like Authorization:generated-tokenkjhsdkjfvjbwjbQ== for further requests. Could you help me with it, please.

Answer 1

If you want to extract one parameter from response then this should work:

String jsonBody= ( enter request payload here )

ValidatableResponse response = RestAssured.given().baseUri(baseURL)
  .accept("application/json")
  .header("Content-Type","application/json")
  .body(jsonBody).when().post("/auth")
  .then().assertThat().statusCode(200)
  .log().all();
    
 String token=response.extract().path("token");

Answer 2

Variant which worked for me:

String token = given()
                .contentType("application/json")
                .body(new User("someuser" , "123"))
                .when()
                .post(RestConfig.baseUrl+"/authentication-url")
                .then().extract().response().as(TokenResponse.class).getToken();

        given()
                .contentType("application/json")
                .header("Authorization", token)
                .get(RestConfig.baseUrl+"/some-path")
                .then()
                .statusCode(200)...

Answer 3

I could be misunderstanding the question, but from what I am getting from it, I think something like this should work:

String token =
    given().
            header("Content-Type", "application/json").
            body(/* body content goes here */).
    when().
            post(/* route goes here */).
    then().
            extract().path("token").toString() 
            // the above path arg depends on the response you get from the call.

Then the next call would be something like:

    given().
            header("Content-Type", "application/json").
            header("Authorization", token).
    when()...etc.

Some of the specifics will depend on the API, but I use this format all the time. Often getting a response of a user ID, or a token, etc. and using it for future calls.

More info on extracting in the rest assured docs: https://github.com/rest-assured/rest-assured/wiki/Usage#extracting-values-from-the-response-after-validation

Answer 4

I had a similar requirement, where I had to pass the auth token back and forth, but this was spring rest template not rest assured. For that purpose, I used client filter, which captured the token on response and set it as a header on request. You can search if there is something similar in rest assured, which can do the job. Here is a sample, https://github.com/rest-assured/rest-assured/wiki/Usage

Custom Authentication

Rest Assured allows you to create custom authentication providers. You do this by implementing the io.restassured.spi.AuthFilter interface (preferably) and apply it as a filter. For example let's say that your security consists of adding together two headers together in a new header called "AUTH" (this is of course not secure). Then you can do that like this (Java 8 syntax):

given().
        filter((requestSpec, responseSpec, ctx) -> {
            String header1 = requestSpec.getHeaders().getValue("header1");
            String header2 = requestSpec.getHeaders().getValue("header2");
            requestSpec.header("AUTH", header1 + header2);
            return ctx.next(requestSpec, responseSpec);
        }).
when().
        get("/customAuth").
then().
  statusCode(200);

The reason why you want to use a AuthFilter and not Filter is that AuthFilters are automatically removed when doing given().auth().none(). ...