Obtain OAuth JWT Bearer Token Value.....Struggling.....

SOLVED
Community Hero

Hi,

 

My latest project has changed the authentication that generates a JWT token, but everyone here is actually grabbing the token manually to do their front end automation and performance testing - which is ridiculous - so I want to automate the process if possible for my API testing.

 

You'll have to forgive me - I don't know much about JWT authentication - I understand the very basics - but that's about it - so I could do with a little advice in case anyone has done something similar before.

 

The way they're doing it manually is to launch a webpage (enable Chrome's Developer Tools) input a username and password and once logged in - you can see the initial POST (for the successful login) and then multiple GETs as various resources (.css, .json, .png's etc.) are retrieved.  One of these GET requests (that you can see after the initial POST) includes the token value as the GET's query parameter.

 

e.g. the relevant GET's format is as follows:

https://whatevs.azurewebsites.net/protected/form/2849EHC?token=<tokenvalue>

I then set the authorization profile to the OAuth 2.0 JWT Bearer (which was a total guess on my part), completed the profile creation, pasted the tokenvalue into the field (screenshot attached) and submitted the request and it worked!

 

The token lasts for 8 hours.

 

So - I can manually grab the token - but this isn't automated.  The whole dev team I work with are very junior - so I can't ask them questions about this (yes I know, it's a ridiculous situation to be in) because they just won't know the answer.  I can see in ReadyAPI! there might be a way to retrieve the token using some OAuth profile - but the developers don't even know what OAuth profile we're using (a totally different external team developed the authentication and I cannot contact them - again - ridiculous).

 

I was thinking I might not be able to use the out-of-the-box OAuth JWT token retrieval functionality because I don't know what I don't know and I can't ask anyone the questions I need asked.

 

HOWEVER - I was wondering - considering the token value is actually a query parameter value in one of the follow-up GETs after the initial login POST - is there any way I could grab the query parameter value from one of the many (about 10 to 15 GETs) that are made?

I've never actually seen a login request in SoapUI emulate logging into a front end resource, so I haven't got an example in my previous experience where multiple GETs were made after an initial POST in my testing.

 

Can anyone advise?  I know it's crazy to not be able to ask the development team the relevant questions.  They can't even tell me which grant method I should be using or anything at all and they can't tell me all the parameters required to emulate the POST that is the initial login (username/password) request.  I'm having to record a script in JMeter to actually work out what parameters I need to submit to emulate the login POST.

 

I'd welcome any advice.....I'm trying to read up on OAuth as best I can - so I can work out all the different considerations I need - e.g. identifying the right grant method I need to use etc.

 

I hope I've been clear - I know sometimes I'm not!

 

Thanks to all!

 

richie

 

if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the title of the post to something more descriptive? This will help people when searching for problems.
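
The idea raised in the post above (pulling the token out of the query string of one of the follow-up GETs) can be sketched as below. This is an added example, not part of the original thread or of ReadyAPI; the captured URL list, the sample token and its claims are constructed, and it assumes the JWT carries a standard `exp` claim.

```python
import base64
import json
from urllib.parse import urlsplit, urlunsplit, parse_qs, parse_qsl, urlencode

def _b64url_json(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def find_token(urls, param="token"):
    """Return the first value of `param` that is shaped like a JWT, else None."""
    for url in urls:
        for value in parse_qs(urlsplit(url).query).get(param, []):
            parts = value.split(".")
            if len(parts) != 3:
                continue  # not header.payload.signature
            try:
                _b64url_json(parts[0])
                _b64url_json(parts[1])
            except ValueError:  # bad base64, bad UTF-8 or bad JSON
                continue
            return value
    return None

def claims(token):
    """Decode the payload WITHOUT verifying the signature (inspection only)."""
    return _b64url_json(token.split(".")[1])

def seconds_left(token, now):
    """Remaining lifetime from the exp claim; <= 0 means log in again."""
    return claims(token)["exp"] - now

def redact(url, param="token"):
    """Mask the token before a URL is written to a test log or report."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def _enc(obj):  # helper used only to build the constructed sample token
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: an 8-hour token and the requests seen after login.
IAT = 1_700_000_000
SAMPLE_TOKEN = ".".join([_enc({"alg": "HS256", "typ": "JWT"}),
                         _enc({"sub": "tester", "iat": IAT, "exp": IAT + 8 * 3600}),
                         "c2lnbmF0dXJl"])
CAPTURED = [
    "https://whatevs.azurewebsites.net/static/site.css",
    "https://whatevs.azurewebsites.net/config.json?token=not-a-jwt",
    "https://whatevs.azurewebsites.net/protected/form/2849EHC?token=" + SAMPLE_TOKEN,
]
```

A token carried in a query string is recorded wherever the URL is (proxy logs, browser history, test reports), so `redact` is applied before anything is logged.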
Community Hero

Re: Obtain OAuth JWT Bearer Token Value.....Struggling.....

Have a look at the below link to get an idea
https://developer.okta.com/blog/2018/10/31/jwts-with-java


Regards,
Rao.
Community Hero

Re: Obtain OAuth JWT Bearer Token Value.....Struggling.....

Cheers @nmrao 

 

I've found out - they're using OAuth v2.0 with Authorization Code as the grant type - but the solution is a total bodge on that pattern.

The developer has managed to set it up in postman and just to get the authorization token takes 16 sequential REST requests!

I'm just gonna grab the postman collection!

 

nice one!

 

richie 

Community Hero

Re: Obtain OAuth JWT Bearer Token Value.....Struggling.....

In that case, solution seems to be different and the link I provided did not help it seems.

Maybe you can add your solution instead of my reply.


Regards,
Rao.
Community Hero

Re: Obtain OAuth JWT Bearer Token Value.....Struggling.....

Hey @nmrao 

 

I marked up your response as the accepted solution because this is the only way to close the ticket, and because you did try and help me.

 

Essentially the whole OAuth v2.0 authentication process is a total bodge and only partially relates to the Authorization Code grant type - ReadyAPI! supports the functionality to support this grant type - but the whole process has been customised to the point it bears no resemblance and isn't transferrable - hence the reason why I didn't add the solution of what I'm doing.

 

The process I'm using has 16 REST requests (a couple POSTs but mostly GETs) and nowhere else would use this approach.  Essentially the Technical Architect that was supposed to be reviewing the solution left and the developers did whatever they could to get the process to work - but architecturally - the approach is an antipattern and would never, ever be used elsewhere.

 

If perhaps one of the forum admins would be able to delete the post - that would make more sense - @Olga_T  - is there any chance you could delete this topic?  ta

Cheers,

 

richie

 

Community Manager

Re: Obtain OAuth JWT Bearer Token Value.....Struggling.....

Hi @richie,

 

I understand that the situation you faced is very specific, and there is a possibility that nobody else will face it.

However, I would prefer to leave the topic as it is - this may give other users some thoughts or directions where to move forward.

 

This is what we have a community for. Sometimes, we cannot give the only one solution. However, we can give clues and suggestions for other community members. Does it make sense? 

---------
Tanya Gorbunova
SmartBear Community Manager

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others.↓↓↓↓↓
Community Hero

Re: Obtain OAuth JWT Bearer Token Value.....Struggling.....

Hey @TanyaGorbunova & @nmrao 

 

you guys are right - there is still some transferrable stuff that I can publish that might help some people.  I'm just finishing off the automation now and once it's complete I'll review and then publish the generic steps I think would help people.

 

cheers

 

richie

Community Manager

Re: Obtain OAuth JWT Bearer Token Value.....Struggling.....

Hi @richie,

 

Thanks for sharing the investigations you've done to find solutions. We really appreciate it!

---------
Tanya Gorbunova
SmartBear Community Manager
