Ask a Question

SoapUI stores access token with project XML?

matthjes
New Contributor

SoapUI stores access token with project XML?

Hi,

I've externalized properties that are used for e.g. authentication to a properties file that a user must load into SoapUI and fill out the credentials. The configured OAuth2 profile then uses these properties to get an access token. The idea is that the properties should not be stored with the project XML file as this should be shared with others.

Now I've noticed that while the credentials are not stored, the access token is. Though it expires in 2 hours, it's still not a good solution to store this token as part of the project XML file.

Is there some way / option to avoid this?

3 REPLIES 3
nmrao
Champion Level 3

Please see if there is revoke token method available in the API.

 

See if you can write a script to delete the saved token from project before pushing it to source repository or sharing.

 

 



Regards,
Rao.
JuZ0
Occasional Contributor

You could store the accesstoken to property test step inside testCase. Then you can set this property test step to discard all the values during project saving. This way you can get rid of sensitive data or unnecessary run-time glutter in files after project saving.

mkrausem
Occasional Contributor

Hi, 

we use a script before we commit which need to be (manually) executed

	def clearOAuth2AccessToken(def project)
	{

		def profiles = project.getAuthRepository().getEntryList()

		profiles.each()
		{
			profile ->
				if(profile.getClass() == OAuth2Profile)
				{
					log.info("Clear Access token in profile: " + profile.getName())
					profile.setAccessToken(null)
					profile.setAccessTokenIssuedTime(0)
				}
		}
	}
Michael Krausemann
cancel
Showing results for 
Search instead for 
Did you mean: