Forum Discussion

matthjes
New Contributor
2 years ago

SoapUI stores access token with project XML?

Hi,

I've externalized properties that are used for e.g. authentication to a properties file that a user must load into SoapUI and fill out the credentials. The configured OAuth2 profile then uses these properties to get an access token. The idea is that the properties should not be stored with the project XML file as this should be shared with others.

Now I've noticed that while the credentials are not stored, the access token is. Though it expires in 2 hours, it's still not a good solution to store this token as part of the project XML file.

Is there some way / option to avoid this?

  • nmrao
    Champion Level 3

    Please see if there is a revoke token method available in the API.

    See if you can write a script to delete the saved token from the project before pushing it to the source repository or sharing it.


  • JuZ0
    Contributor

    You could store the access token in a property test step inside the testCase. Then you can set this property test step to discard all the values during project saving. This way you can get rid of sensitive data or unnecessary run-time clutter in files after project saving.

  • mkrausem
    Occasional Contributor

    Hi, 

    We use a script before we commit, which needs to be (manually) executed:

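    	// Clears the cached OAuth2 access token from every OAuth2 profile in the project.
    	// OAuth2Profile must be imported in the script that defines this method.
    	def clearOAuth2AccessToken(def project)
    	{
    		def profiles = project.getAuthRepository().getEntryList()

    		// The closure's opening brace stays on the same line as each so Groovy attaches it to the call.
    		profiles.each { profile ->
    			if(profile.getClass() == OAuth2Profile)
    			{
    				log.info("Clear Access token in profile: " + profile.getName())
    				profile.setAccessToken(null)
    				profile.setAccessTokenIssuedTime(0)
    			}
    		}
    	}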
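
Added example, not part of any post in this thread and not SmartBear code: because the clearing script above has to be run by hand, a check in a pre-commit hook or CI job can fail the commit when a project file still carries a token. It assumes the token is serialized in an element whose local name is `accessToken` with a sibling `name` element; the sample XML layout is constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Assumption: the token lives in an element with local name "accessToken"
# (mirroring profile.setAccessToken in the thread); adjust if your file differs.
TOKEN_TAG = "accessToken"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def find_stored_tokens(xml_data):
    """Return [(profile_name, token_length)] for every non-empty token element."""
    root = ET.fromstring(xml_data)
    hits = []
    for parent in root.iter():
        for child in parent:
            if local(child.tag) == TOKEN_TAG and (child.text or "").strip():
                name = next((c.text for c in parent if local(c.tag) == "name"), "?")
                hits.append((name, len(child.text.strip())))
    return hits

def main(paths):
    """Exit status 1 if any given project file still contains a token."""
    failed = False
    for path in paths:
        with open(path, "rb") as fh:
            for name, length in find_stored_tokens(fh.read()):
                failed = True
                # Report only the length so the token never lands in CI logs.
                print(f"{path}: profile '{name}' holds a {length}-char access token")
    return 1 if failed else 0

# Constructed sample: one profile with a leftover token, one already cleared.
SAMPLE = """<con:soapui-project xmlns:con="http://eviware.com/soapui/config">
  <con:oAuth2Profile><con:name>Profile 1</con:name>
    <con:accessToken>CONSTRUCTED-TOKEN-VALUE</con:accessToken></con:oAuth2Profile>
  <con:oAuth2Profile><con:name>Profile 2</con:name>
    <con:accessToken/></con:oAuth2Profile>
</con:soapui-project>"""

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with the project XML paths as arguments; a non-zero exit status blocks the commit until the token has been cleared and the project saved again.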