Forum Discussion

tarquin's avatar
Frequent Visitor
8 years ago

Help to get started with OAuth 2.0

First up,  I'd like to say a big hello to everyone.  This is my first post and I am relative newcomer to this SOUPUI malarkey.  I am test analyst (mainly manual testing) and have a project that I am working on which makes use of REST api calls via OAuth 2.0.  The vendor (d2l) has provided their own API Test webpage which I can send api requests with but it isnt as good as SOAPUI in that you cant save these into test cases, and you have to manually copy and past api call into a tiny little text box every time you want to run a test.  Not the best solution:


Enter SOUPUI.  I thought it would be a great learning opportunity to get to grips with a tool I have little exposure to.  Also I have little api REST testing exposure also so I'm very excited by all this.


Anyway this is what I did:


1. First up I opened up the soup UI tool.

2. I then clicked on the REST Icon - In the New REST Project pop-up I entered the URI to my dev environment(lets call this  (so this is now the endpoint)

3. I created a Version Resource with Resource path /d2l/api/versions/

4. In the Auth tab I selected OAuth 2.0 and clicked the Get Token drop down arrow

5. I selected:


OAuth 2 Flow = Authorization Code Grant,

Client id = I put my id that I had generated from the vendor software following instructions they provided

Client secret = I entered my provided secret

Authorization URI =

Access token URI =

Redirect URI = https://localhost:3001/callback

Score = core :*.*


6. I click Get access token


What happens is that a SOUPUI browser pops up and displays the dev environment login page.  In this browser I can then enter my username and password etc...


What I want to be able to do is to send some basic api calls such as whoamI and version just to get started.


In Request 1 I have the Resource set to : /d2l/api/versions/ with method GET.


I get the following XML back:


<meta content="HTML Tidy for Java (vers. 27 Sep 2004), see" name="generator"/>
<body>Authentication required</body>


But did I not already authenticate?  Incidentally if i look on the Oath tab I see Get Token(resume).  Clicking on that I see next to Get Access Token a revolving progress wheel with the text Waiting for Authorization.


What am I doing wrong? Any tips for getting me on the right path would be greatly appreciated.  I just want to get authenticated and able to send api calls.


So is the endpoint correct - to be pointed at the dev env?  Is the redirect UIR correct - on the d2l blog they did ask to use this URI:


Im not a developer just a someone trying to get to grips with this tool and this technology,  thanks in advance for any help you can provide to get me started.




No RepliesBe the first to reply