Forum Discussion

sorkfa's avatar
sorkfa
New Contributor
4 years ago

Bearer Auth with username and password

Hello,

 

we are in the process of writing functional tests for our REST API.
The authentication type we use is Bearer Authentication. The token is received via a dedicated "/login" endpoint which must be performed with a username and password. The token is then in the response payload.

 

A typical setup for a test would therefore look like this:

1. Make Login Request:
Request:

 

POST /login
  {
     user: "admin",
     password: "password"
  }

 


Response:

 

{ token: "asdf123fasdf123" }

 

 

2. Parse the token out of the Reponse


3. Inject the token into the Authentication Header:

 

Authentication: Bearer <token>

 

 

For now our test setup for the test cases which need authentication looks like this:


  1. 1. Step one and two from above are done in a "helper" testcase
    2. For each testcase which need authentication a script will be placed in with the Setup script which runs this helper testcase and injects the token into the individual requests inside the testcase

 

This is probably not the best way to do it.
So is there any way to use the build-in Auth-Manager? We haven't found a solution for making a login request with username and password, so far.


Thanks in advance!

 

2 Replies

  • PrathapR's avatar
    PrathapR
    Frequent Contributor

    sorkfa 

     

    1)We can run "Helper" testcase from test suite level  setup script and

    2) Inside helper testcase add property transfer to store Bearer token at test suite level custom properties, so we can utilize that across the test suite(In all test cases)

     

    Note: Keep Disable Helper testcase, so it won't run two times, when you run all testcases from test suite level

     

    Setup Script for test suite level.

    def testCase = testSuite.testCases["Helper"]
    def prop = new com.eviware.soapui.support.types.StringToObjectMap()
    runner = testCase.run(prop , true)

    • sorkfa's avatar
      sorkfa
      New Contributor

      Okay yes this is also the way we are doing it right now. Still I am wondering if I can use the Auth Manager.