SoapUI stores access token with project XML?

matthjes · ‎02-24-2023

Hi,

I've externalized properties that are used for e.g. authentication to a properties file that a user must load into SoapUI and fill out the credentials. The configured OAuth2 profile then uses these properties to get an access token. The idea is that the properties should not be stored with the project XML file as this should be shared with others.

Now I've noticed that while the credentials are not stored, the access token is. Though it expires in 2 hours, it's still not a good solution to store this token as part of the project XML file.

Is there some way / option to avoid this?

nmrao · ‎03-03-2023

Please see if there is revoke token method available in the API.

See if you can write a script to delete the saved token from project before pushing it to source repository or sharing.

Regards,
Rao.

JuZ0 · ‎03-16-2023

You could store the accesstoken to property test step inside testCase. Then you can set this property test step to discard all the values during project saving. This way you can get rid of sensitive data or unnecessary run-time glutter in files after project saving.

mkrausem · ‎03-16-2023

Hi,

we use a script before we commit which need to be (manually) executed

	def clearOAuth2AccessToken(def project)
	{

		def profiles = project.getAuthRepository().getEntryList()

		profiles.each()
		{
			profile ->
				if(profile.getClass() == OAuth2Profile)
				{
					log.info("Clear Access token in profile: " + profile.getName())
					profile.setAccessToken(null)
					profile.setAccessTokenIssuedTime(0)
				}
		}
	}

Michael Krausemann

SoapUI stores access token with project XML?

SoapUI stores access token with project XML?

SoapUI JSON response DateTime format validation

Default response RAW instead of XML

Unable to dump file upon executing Rest Request in...

It's not working correctly

Is setting the authprofile for a rest step support...