Forum Discussion
Hi richie,
Can you explain to me how I can exercise the API's having OAuth 1.0 without using the OAuth functionality of ReadyAPI?
And how do you set up the individual REST Calls of the back and forth processing of the OAuth?
Thanks and Regards,
Jagruuti
To setup requests instead of relying on the OAuth functionality you need to replicate the back and forth processing that occurs during the OAuth. Thats it really.
So youll need to identify the grant type scheme your OAuth is using, the 3 or 4 different endpoints that are providing the OAuth tokens, etc. you need and youll need to ensure grab each of the tokens etc. provided by each of the different endpoints.
Its a bit of work. I had to do this twice....one OAuth process required 8 different requests and the other time there were 16 REST requests (albeit both those used a customised, ridiculously complicated bodge of an OAuth process). Best thing would be to speak to dev to confirm all the endpoints/auth/methods/payloads for each request.
As i said, it is entirely possible, but id like to highlight one point before you start. In "live", the genuine OAuth process would be used and so your client app would need to resolve all those static values dev have provided you anyway.
Perhaps it would just be easier to use the OAuth processing?
Mind you....if dev have provided you hard coded values then perhaps the OAuth processing hasnt actually been coded yet. If thats the case then settimg up the individual requests wont work.
If this is the case, you have 1 other option and tbh, i think this would be the easiest. The fact that dev provided you with some hardcoded values means unlike most OAuth, you Authorization header value you need to pass onto all your REST requests is static/constant. The back and forth that OAuth performs is all about building up to get the access/bearer tokem you need for your REST requests you need to test.
So! Go into postman and submit your OAuth request (with those static values dev gave you). At this point, once the request is submitted, have a look at the Authorization http header value. Copy that and paste it into your REST test steps Authorization header (i.e. hard code the value).
That should work nicely. Sorry. I shouldve come up with this first. This wont solve the problem once your OAuth processing has been coded, but once it has bren developed youll be able to use the OAuth functionality im ReadyAPI!/SoapUI anyway!
Ta
Rich
- sonya_m4 years agoSmartBear Alumni (Retired)
Thank for providing the in-depth explanation Richie.
Hi Jagruuti ! Please let us know if the reply was helpful!
- Jagruuti4 years agoContributor
Yes, DEV team has provided me with the hardcoded values.
So I directly used the Authorization value from the Postman in the header of the HTTP request in ReadyAPI.
I'm getting the below error, if I'm trying to follow the above method.
HTTP/1.1 403 Forbidden
Date: Tue, 18 Aug 2020 05:37:39 GMT
WWW-Authenticate: OAuth realm="******"
Content-Length: 71
Set-Cookie: NS_ROUTING_VERSION=LAGGING; path=/
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=998
Connection: Keep-Aliveerror code: INVALID_LOGIN_ATTEMPT
error message: Invalid login attempt.- sonya_m4 years agoSmartBear Alumni (Retired)
I apologize for the long wait. I see that you are investigating this with the support team (case 00447593). Please keep working with them, and we'll be happy to learn what solution they have to provide!
Related Content
- 4 years agoyassir
- 3 years agoalexandrebodart
- 3 years agoaaronpliu