Ask a Question

Check and retrieve OAuth Token at project startup

Regular Contributor

Check and retrieve OAuth Token at project startup



I'm a little bit blured into the documentation of SmartBear.


I need to use an Access Token for some of my Webservice projects that are configured according our FSP.

My Flow = Client Credentials Grant

I've been able to add the token manually for each REST Request, but I'm searching for a way to make a check on the beginning of the project. As the projects will be put on Jenkins and Jenkins doesn't look at anything (it's basically just grabbing the code and executing it) I should need a kind of groovy code or something that starts the listeners at the beginning of each projects to check if the Token is still valid. If not ask for a new one before executing the testcases.


So I've added an Event "SubmitListener.beforeSubmit" with the code that I've found online.

I've added this Event to all my projects but it doesn't seem to check if the Token is still valid.

Maybe this code isn't usefull for this?


// Import the required classes

def authProfileName = "FODBOSA_PDC"

    return // stop if the auth type is null, for example jdbc requests
}else if(submit.getRequest().getActiveAuthProfile() == null){
    return // stop if the auth profile is null
}else if(authProfileName == submit.getRequest().getActiveAuthProfile().getName()){

    // Set up variables
    def project = ModelSupport.getModelItemProject(context.getModelItem())
    def authProfile = project.getAuthRepository().getEntry(authProfileName)
    def oldToken = authProfile.getAccessToken()
    def tokenType = TokenType.ACCESS

    // Create a facade object
    def oAuthFacade = new OltuOAuth2ClientFacade(tokenType)

    // Request an access token in headless mode
    oAuthFacade.requestAccessToken(authProfile, true, true)

    // Wait until the access token gets updated
    //while(oldToken == authProfile.getAccessToken()) {}

    //The sleep method can be used instead of a while loop

    for(int i = 0; i<=3000; i++){
        if(oldToken != authProfile.getAccessToken()){

    // Post the info to the log"Set new token: " + authProfile.getAccessToken())

Documentation about  OAuth on SmartBear talks about ".... uses JavaScript to simulate user actions against the webpage"  . Do I really need to understand it like a 'browser that opens a webpage' action? because if we're talking API's I don't see where this fit in? 

Then the documentation talks about an 'Authorization' and a 'Consent code' followed by an eventually "Calling the Automated Retrieval Procedure". I don't see how this is relevant for API's, how I can adapt/use this for my case. Well ... that is, the last part could be usefull as there is a Listener in it, but then again the code is talking about a login name and  password.....


I've also read the implementation with Jenkins, but I doubt that the coding there will be used to check/retrieve new Tokens.


Is there someone who already have tried to automate the Token retrieval?


thanks in advance for your time reading all this  πŸ™‚ 




Community Hero

Hi @AAB 


I'm only adding my perspective cos I can answer 1 of your questions, but only 1


I was looking at implementing OAuth v2.0 auth for the project I was working on but in the end it was impossible to use the embedded ReadyAPI! functionality because the authentication/authorization process used was based on one of the granttypes available via OAuth v2.0 but had been customised to such a point that it was impossible to implement using the embedded ReadyAPI! functionality.


Anyway - so my response - yes you're right - we're API testing so its a little confusing why the help mentions simulating the actions of a user interacting with a web page.

HOWEVER - depending on the OAuth implementation as well as the grantype scheme you're using - content you need to grab (token values etc.) may be embedded within a web page - i.e. at a certain point in my very lengthy authentication process my tokens were contained in hidden .html fields in a web page.


There was no way to grab these token values from hidden .html fields - the Outline tab did not display the hidden fields - the HTML tab did display the fields but I couldn't scrape out the values from the HTML page using the embedded functionality - so this is one of the reasons simulating the users actions is mentioned in the help.


Ok - that's all the help I can provide on this






if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
Regular Contributor

@richie , Thanks for your time and the explanation. I was wondering about that webpage stuff but I wanted to make sure!  πŸ˜‰

Anyway, I hope someone has a solution on it, otherwise I need to look further.

Thanks man!





Is there anything in the error log after you send a request from one of you tests cases? I copied that script and after I updated the profile name my token in auth manager was updated when I sent a request.

Also the token name in the script does not match the token in the screen shot. Are these just from different projects?


Side note:

If you have multiple tokens for the same project take a look at this post. That script will update all the tokens for the current project. You may have to modify the scope of the "project" variable depending on what type of event you select.

Auto Token Generation for OAuth2.0

Regular Contributor


Thank you for your answer AND your good eye! Indeed, I forgot to change the token name. Now it works fine!



Showing results forΒ 
Search instead forΒ 
Did you mean:Β