Ask a Question
Log In / Sign Up
Resources
Ask a Question
Log In Sign Up

Problems with refresh OAuth2 token

SOLVED
Solved
SiKing
Community Expert
Community Expert
‎05-19-2023 09:49 AM
‎05-19-2023 09:49 AM

Problems with refresh OAuth2 token

For our service we are using OAuth2 for authorization.

I have defined an OAuth2 profile in the Auth Manager.

When I click the Get Access Token button manually everything works as expected: a new token is fetched and all my tests pass.

When the token expires I am expecting ReadyAPI to automatically fetch a new token. However, this does not happen. What am I doing wrong?

get_token.pngadvanced_options.png

0 Kudos
11 REPLIES 11
nmrao
Champion Level 2
Champion Level 2
‎05-20-2023 05:54 PM
‎05-20-2023 05:54 PM

Does the authentication server provides refresh token when you get the token? If not, then ReadyAPI may not automatically refresh it when the token expires.

 

Was it working earlier and started facing this now? what changes?



Regards,
Rao.
0 Kudos
SiKing
Community Expert
Community Expert
In response to nmrao
‎05-22-2023 08:03 AM
‎05-22-2023 08:03 AM

I am using Client ID + Client Secret. I _believe_ that generates a refresh token, but am not certain. How would I check?

0 Kudos
SiKing
Community Expert
Community Expert
In response to nmrao
‎05-22-2023 08:33 AM
‎05-22-2023 08:33 AM

I just got the token manually by constructing a REST request. There is no refresh_token. 😞

This is from MS Azure. Is no refresh_token normal?

How would I setup the automation to "just get a new one". Since I am using Client ID + Client Secret there is no login screen; I just need to get a new token.

0 Kudos
nmrao
Champion Level 2
Champion Level 2
‎05-22-2023 08:38 AM
‎05-22-2023 08:38 AM

There must be separate API to get the token where you can see the response payload and see what data does it contain.

Or you can check the swagger page which also allows to get the token or authenticate.

 

What is the token expiratation time? (to know how frequently token to be generated)



Regards,
Rao.
0 Kudos
Yki
Contributor
‎05-23-2023 12:50 AM
‎05-23-2023 12:50 AM

my ex-colleague  wrote following script as a Event : SubmitListenerBeforeSubmit:

 

Yki_0-1684828206117.png

 

 

It is not working completely as it should (it requests a new token with every request, but so far I had no problems with it)

 

// Import the required classes
import com.eviware.soapui.impl.rest.actions.oauth.OltuOAuth2ClientFacade
import com.eviware.soapui.support.editor.inspectors.auth.TokenType
import com.eviware.soapui.model.support.ModelSupport

def authProfileName = "INT_Profile_Name"

if(!submit.getRequest().getAuthType().asBoolean()){
    return // stop if the auth type is null, for example jdbc requests
}else if(submit.getRequest().getActiveAuthProfile() == null){
    return // stop if the auth profile is null
}else if(authProfileName == submit.getRequest().getActiveAuthProfile().getName()){

    // Set up variables
    def project = ModelSupport.getModelItemProject(context.getModelItem())
    def authProfile = project.getAuthRepository().getEntry(authProfileName)
    def oldToken = authProfile.getAccessToken()
    def tokenType = TokenType.ACCESS

    // Create a facade object
    def oAuthFacade = new OltuOAuth2ClientFacade(tokenType)

    // Request an access token in headless mode
    oAuthFacade.requestAccessToken(authProfile, true, true)

    // Wait until the access token gets updated
    //while(oldToken == authProfile.getAccessToken()) {}

    //The sleep method can be used instead of a while loop
    //sleep(3000)

    for(int i = 0; i<=3000; i++){
        if(oldToken != authProfile.getAccessToken()){
            break
        }
        sleep(1)
    }

    // Post the info to the log
    log.info("Set new token: " + authProfile.getAccessToken())
}

 

SiKing
Community Expert
Community Expert
‎05-23-2023 10:21 AM
‎05-23-2023 10:21 AM

I seem to remember I had already dealt with this sometime in the past. Oh right: 5 years ago! It's a shame this shortcoming still exists in ReadyAPI. 😞

 

@Yki Here is a slightly improved(?) version on that script:

 

// Name: 'Forced token update'
// Event: 'SubmitListener.beforeSubmit'
// Target: '${=submit.request.authType.asBoolean()}' filters only test steps that have Authorization as an option

// https://support.smartbear.com/readyapi/docs/requests/auth/types/oauth2/automate/index.html#on-request
import com.eviware.soapui.impl.rest.actions.oauth.OltuOAuth2ClientFacade
import com.eviware.soapui.support.editor.inspectors.auth.TokenType
import com.eviware.soapui.model.support.ModelSupport
import com.eviware.soapui.config.AccessTokenStatusConfig

def project = ModelSupport.getModelItemProject(context.getModelItem())

def authProfile = project.authRepository.getEntry("!YOUR AUTH PROFILE NAME!")

if(authProfile.accessTokenStatus != AccessTokenStatusConfig.RETRIEVED_FROM_SERVER) {
	
	def oAuthFacade = new OltuOAuth2ClientFacade(TokenType.ACCESS)
	
	oAuthFacade.requestAccessToken(authProfile, true, true)
	
	// Access token retrieval may take time.
	def stopLoop = 0	// loop counter to prevent infinite loops in case of problems
	while(authProfile.accessTokenStatus != AccessTokenStatusConfig.RETRIEVED_FROM_SERVER && stopLoop++ < 6)
		sleep(5)
	
	log.info("Set new token: ${authProfile.accessToken}")
}

 

Yki
Contributor
‎05-24-2023 01:35 AM
‎05-24-2023 01:35 AM

Oh cool. I will try that. Thank you 🙂 @SiKing 

0 Kudos
sharon19_in
New Member
In response to Yki
‎07-20-2023 03:43 AM
‎07-20-2023 03:43 AM

Im using the free version, since there is no auth manager what options do we have to manage the auto refresh  ?

nmrao
Champion Level 2
Champion Level 2
‎07-20-2023 03:51 AM
‎07-20-2023 03:51 AM

@sharon19_in 

You may create a new post in Open Source forum with the details.



Regards,
Rao.
Subscribe
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: