
How to set up ReadyAPI with OAuth 2.0 & access web page to retrieve access token

SOLVED
harry
Contributor


I am completely new to this. I tried checking the links below, but it's not clear to me: https://support.smartbear.com/readyapi/docs/requests/auth/types/oauth2/automate/sample.html#_ga=2.21...

https://support.smartbear.com/readyapi/docs/requests/auth/types/oauth2/tutorial.html

 

What is the client identification & client secret?

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
richie
Community Hero

Re: How to set up ReadyAPI with OAuth 2.0 & access web page to retrieve access token

Hey @harry 

 

OAuth is tricky or at least I've always found it confusing - it's a lot more difficult to set up than say basic auth cos it's not just a username and password.

 

There's essentially 3 or 4 different 'components'  in the OAuth process flow.  It goes something like the following:

 

1. Client app (component1) submits an 'authorisation request' to User Resource Owner (component2)

2.  User Resource Owner returns 'authorisation grant' if Client app used correct creds

3. Client app submits 'authorisation grant' from previous step to the Authorisation Server (component3)

4. Authorisation server returns a 'bearer/access token' to Client app

5. Client app submits 'bearer/access token' to Resource Server (component4) - this is the endpoint of the resource you're trying to hit from the client app

6. Resource Server authorises request and returns a valid response to the Client app

 

I can't remember the difference between a bearer and access token - that's why I haven't been specific above - but there is a difference apparently - suffice it to say - it's a token value that gets used

 

Right - your question - the client id and client secret are details sent by the Authorisation Server (see 6 steps above) back to the Client app (at step4).  Client then uses these along with the bearer/access token in step5 to send to the Resource Server.

 

At least that's how I think it works - it's always been a little confusing to me - so someone might have a better explanation - but the above is the way I think about it when dealing with OAuth v1 or 2

 

 

So - in step5 equivalent of one of my OAuth v2 requests - the Client submits the following request (and payload) to my Resource Server:

 

POST https://login.microsoftonline.com/6f504113-6b64-43f2-ade9-242e0599999/oauth2/token HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 192
Host: login.microsoftonline.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.5 (Java/12.0.1)

resource=${#Project#resource}
&client_id=${#Project#client_id}
&client_secret=${#Project#client_secret}
&grant_type=${#Project#grant_type}

 

 

 

Hope this helps and wasn't too confusing!

 

Cheers,

 

rich

if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
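
Added example (not part of richie's post, and not ReadyAPI or SmartBear code): a Python sketch of the form-encoded POST to the /oauth2/token endpoint shown in the answer, followed by building the Authorization header for the API call from the token reply. It assumes grant_type is client_credentials; the tenant placeholder, client id, resource URL, secret and token reply are constructed sample values, and the function names are hypothetical.

```python
import json
import os
from urllib.parse import parse_qs, urlencode

TENANT = "<tenant-id>"  # placeholder; substitute your own directory id
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT}/oauth2/token"


def build_token_request(client_id, client_secret, resource):
    """Return (headers, body) for the token POST, assuming client_credentials."""
    # urlencode percent-escapes '&', '=' and '+' inside the secret; joining
    # 'key=value&...' by hand corrupts such secrets and the server rejects them.
    body = urlencode({
        "resource": resource,
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode("ascii")
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Content-Length": str(len(body)),
    }
    return headers, body


def bearer_header(token_response_json):
    """Turn the token endpoint's JSON reply into the header for the API call."""
    reply = json.loads(token_response_json)
    if "error" in reply:
        raise ValueError(f"token request rejected: {reply['error']}")
    if reply.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {"Authorization": f"Bearer {reply['access_token']}"}


def redact(body):
    """Mask client_secret so a request body can be logged or attached to a report."""
    fields = parse_qs(body.decode("ascii"), keep_blank_values=True)
    fields["client_secret"] = ["***"]
    return urlencode(fields, doseq=True, safe="*")


if __name__ == "__main__":
    # Constructed sample values; the secret is read from the environment.
    secret = os.environ.get("CLIENT_SECRET", "s3cr&t=+demo")
    headers, body = build_token_request("constructed-client-id", secret,
                                        "https://api.example.test")
    print("POST", TOKEN_URL, headers, redact(body))
    sample_reply = '{"token_type": "Bearer", "access_token": "constructed.token"}'
    print(bearer_header(sample_reply))
```

In ReadyAPI the same four fields come from the project properties in the request above; keeping client_secret out of the saved project file and out of logged request bodies is the point of the environment lookup and redact().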


2 REPLIES 2

harry
Contributor

Re: How to set up ReadyAPI with OAuth 2.0 & access web page to retrieve access token

Sorry for the late response. Thanks Richie. The dev team came up with APIs that are form based. They are not REST-based APIs. Can I know how to test form-based APIs using ReadyAPI?
