Bearer Auth with username and password
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bearer Auth with username and password
Hello,
we are in the process of writing functional tests for our REST API.
The authentication type we use is Bearer Authentication. The token is received via a dedicated "/login" endpoint which must be performed with a username and password. The token is then in the response payload.
A typical setup for a test would therefore look like this:
1. Make Login Request:
Request:
POST /login
{
user: "admin",
password: "password"
}
Response:
{ token: "asdf123fasdf123" }
2. Parse the token out of the Reponse
3. Inject the token into the Authentication Header:
Authentication: Bearer <token>
For now our test setup for the test cases which need authentication looks like this:
1. Step one and two from above are done in a "helper" testcase
2. For each testcase which need authentication a script will be placed in with the Setup script which runs this helper testcase and injects the token into the individual requests inside the testcase
This is probably not the best way to do it.
So is there any way to use the build-in Auth-Manager? We haven't found a solution for making a login request with username and password, so far.
Thanks in advance!
- Labels:
-
REST
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1)We can run "Helper" testcase from test suite level setup script and
2) Inside helper testcase add property transfer to store Bearer token at test suite level custom properties, so we can utilize that across the test suite(In all test cases)
Note: Keep Disable Helper testcase, so it won't run two times, when you run all testcases from test suite level
Setup Script for test suite level.
def testCase = testSuite.testCases["Helper"]
def prop = new com.eviware.soapui.support.types.StringToObjectMap()
runner = testCase.run(prop , true)
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay yes this is also the way we are doing it right now. Still I am wondering if I can use the Auth Manager.
