9

I'm trying to functionally test a few APIs that need to be authenticated (OAuth 2.0) and simulate this in JMeter.

I'm trying to authenticate the OAuth service for Azure cloud. Has anyone out there been able to successfully create JMeter HTTP requests to authenticate against OAuth 2.0?

Vijay N
Husain Khambaty
  • this link might help you http://blogs.quovantis.com/jmeter-authorization-with-dynamic-access-token/ – umer Aug 08 '19 at 23:43

2 Answers

10

Basically you need to add an HTTP Header Manager to send the `Authorization` header with the value of `Bearer ${ACCESS_TOKEN}` in order to make authenticated OAuth API calls.

The access token can be obtained in 2 major ways:

  1. Get it somehow (ask for it, capture it using a sniffer tool and the application which you need to simulate, etc.), but be aware that OAuth access tokens have a limited life span (1 hour by default; this applies to point 2 as well).
  2. Implement the OAuth2 flow in your test, i.e.:

    • Authenticate (providing Client ID and Tenant ID)
    • Authorise (using Client ID and the code from the previous step)
    • Get Access token (providing Authorization code from previous step, code from first step, and Client ID)

In regards to implementing option 2: it will require 3 separate JMeter samplers (or alternatively you can get the access token programmatically via a JSR223 Sampler).

Dmitri T
  • Firstly, thank you for consolidating this information. I was trying to avoid the entire hassle of having to manually do this. Anyhow, I have been successfully able to get through the Authentication and Authorisation, and now while trying to get the Access token I receive this misleading error: **"AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.."** error_codes=70002, 50012. On face value I would believe this would be an incorrect client_secret; however, after checking multiple times (leading or trailing spaces) I do not have success. Any leads? – Husain Khambaty Jan 25 '17 at 02:24
  • How to get authentication token using jmeter? – aj go Jun 27 '21 at 04:54
  • I mean for multiple users – aj go Jun 27 '21 at 05:02
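
An added example, not part of the original answer: one way to get the access token programmatically in a JSR223 Sampler (Groovy), reusing it until shortly before it expires because of the limited token life span noted above. It assumes the client credentials grant against the Azure AD v2.0 token endpoint; the JMeter property names `tenant_id`, `client_id`, `client_secret` and `scope` are hypothetical and would be supplied at start-up with `-J`.

```groovy
// JSR223 Sampler (Groovy): fetch an Azure AD access token and cache it for all threads.
// Assumed: client credentials grant; property names below are hypothetical (-Jname=value).
import groovy.json.JsonSlurper

// Form-encode every field: a secret containing '+', '&' or '=' is otherwise altered in transit.
def formEncode = { Map<String, String> fields ->
    fields.collect { k, v -> URLEncoder.encode(k, 'UTF-8') + '=' + URLEncoder.encode(v, 'UTF-8') }.join('&')
}

// Refresh when no token is cached or fewer than 5 minutes of lifetime remain.
def needsRefresh = { String token, long expiresAtMs, long nowMs ->
    token == null || nowMs >= expiresAtMs - 5 * 60 * 1000L
}

long now = System.currentTimeMillis()
String cached = props.getProperty('ACCESS_TOKEN')
long expiresAt = Long.parseLong(props.getProperty('ACCESS_TOKEN_EXPIRES_AT') ?: '0')

if (needsRefresh(cached, expiresAt, now)) {
    def url = new URL("https://login.microsoftonline.com/${props.getProperty('tenant_id')}/oauth2/v2.0/token")
    def body = formEncode([
        grant_type   : 'client_credentials',
        client_id    : props.getProperty('client_id'),
        client_secret: props.getProperty('client_secret'),
        scope        : props.getProperty('scope')
    ])
    HttpURLConnection conn = (HttpURLConnection) url.openConnection()
    conn.requestMethod = 'POST'
    conn.doOutput = true
    conn.connectTimeout = 10000
    conn.readTimeout = 10000
    conn.setRequestProperty('Content-Type', 'application/x-www-form-urlencoded')
    conn.outputStream.withWriter('UTF-8') { it << body }

    if (conn.responseCode != 200) {
        // Surface the server's error text only; the request body holds the secret.
        SampleResult.successful = false
        SampleResult.responseMessage = "Token request failed: HTTP ${conn.responseCode}"
        SampleResult.setResponseData(conn.errorStream?.getText('UTF-8') ?: '', 'UTF-8')
        return
    }
    def json = new JsonSlurper().parseText(conn.inputStream.getText('UTF-8'))
    cached = json.access_token
    props.setProperty('ACCESS_TOKEN', cached)
    props.setProperty('ACCESS_TOKEN_EXPIRES_AT', String.valueOf(now + Long.parseLong(json.expires_in.toString()) * 1000L))
}
// Thread-local copy so the HTTP Header Manager can send "Bearer ${ACCESS_TOKEN}".
vars.put('ACCESS_TOKEN', cached)
```

The token and the client secret are never written to the log, and the secret stays out of the saved test plan because it is read from a JMeter property.
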
1

As a part of API test automation, we created a native client ID and assigned the required resources to the native client.

All you need is adal4j-1.6.X.jar

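```java
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;

import java.net.MalformedURLException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.naming.ServiceUnavailableException;

// The wrapper class name is a placeholder; crypToUtil is the poster's own helper (not shown).
public class AuthHelper {

    public static AuthenticationResult getAuthToken(String username, String password,
            String clientId, String authority, String tenant, String urii) throws Throwable {

        AuthenticationContext context = null;
        AuthenticationResult result = null;
        ExecutorService service = null;

        // The password is stored encrypted and only decrypted just before use.
        crypToUtil cryptoUtil = new crypToUtil();
        password = cryptoUtil.decrypt(password);

        try {
            service = Executors.newFixedThreadPool(1);
            // "true" enables validation of the authority URL.
            context = new AuthenticationContext(authority + tenant + "/", true, service);
            // Username/password overload: the resource owner password credentials grant.
            Future<AuthenticationResult> future = context.acquireToken(urii, clientId, username, password, null);
            result = future.get();
        } catch (ExecutionException | MalformedURLException e) {
            // Rethrow the underlying cause when there is one, otherwise the exception itself.
            throw e.getCause() != null ? e.getCause() : e;
        } finally {
            // service is still null if creating the thread pool failed.
            if (service != null) {
                service.shutdown();
            }
        }

        if (result == null) {
            throw new ServiceUnavailableException("authentication result was null, could be your input data were wrong ...");
        }

        return result;
    }
}
```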
Dmitriy Fialkovskiy
Vijay N