This tutorial describes how to create a smart test template that can be used to quickly add OAuth 2.0 authentication set-up tests to your scenarios.
Overview
The process is outlined in the following steps:
- Create a .tst file and add an empty REST client. This is the source client that the smart test template will use to enable authentication.
- Configure the client to request a token from the authentication server.
- Add the access token and token type variables to the Test Suite configuration.
- Attach a JSON Data Bank tool to the client to extract the access token and token type from the response. The values should be extracted as variables instead of custom column names, which is the default setting.
- Create a smart test template (.stt) file and configure the resource suite to match the tests that require authentication.
- Add a resource template that matches the parent suite.
- Chain a Test Suite Reference to the resource template.
- Configure the Test Suite Reference to point to the .tst file that enables authentication.
- If authentication is required for specific paths, additional resource templates can be added to suite to refine which tests are matched when the .stt is applied.
- Add an HTTP Header output to the resource template and include an authorization header that sends the token type and access token variables in the request.
- Save all your changes and apply the template to the tests that require authentication.
A Test Suite Reference will be added to the beginning of each Test Suite that contains a test that matches the configuration in the smart test template. The suite will include the REST client and JSON Data Bank and extracted access token and token type. If the Persist as relative path option was enabled in the Test Suite Reference configuration, you may need to modify the Test Suite Reference field in the generated test suite.
Configuring the Authentication Source
The section describes how to create and configure the Test Suite containing a REST Client that will be used to capture the OAuth 2.0 authentication token information.
- Go to File > New > Test (.tst) File.
- Specify a project folder and name (for example,
AuthSuite
). - Click Next and choose Empty.
- Click Finish and double-click the new suite to open it in the editor.
- Click the Variables tab and click Add.
- Configure the variable using the following settings:
- Enter
access_token
in the Name field. - Choose String from the Type menu.
- Enter
default_token
in the Value field.
- Enter
- Save the variable and create another variable with the following settings:
- Enter
token_type
in the Name field. - Choose String from the Type menu.
- Enter
default_type
in the Value field.
- Enter
- Save the variable and right-click the suite.
- Choose Add New > Test... from the shortcut menu and choose Standard Test > REST Client in the wizard.
- Click Finish and click the Resource tab.
- Specify the URL to the authentication server and include the necessary login credentials for requesting a token. Per the OAuth 2.0 RFC, your token request must include a specific set of information, such as grant type, client ID, client secret, and scope, depending on the authentication flow you are using. Refer to the OAuth 2.0 Authorization Framework for details. The method for passing credentials depends on your application. For example, your authentication server may require a POST call with login credentials sent in the payload. In the following example, token request parameters are sent in the REST Client payload using a multipart/form-data format:
- Save your changes.
- Right-click the REST Client and choose Add Output....
- Choose Response > Traffic in the left pane and JSON Data Bank in the right, then click Finish.
- Select the client and click Run Tests in the tool bar to populate the output.
- Extract the
access_token
parameter and click Modify. - Choose Data Source Column and enable Variable.
- Choose access_token and click OK.
- Extract the
token_type
parameter and click Modify. - Click Data Source Column and enable the Variable option.
- Choose
token_type
and click OK. - Save your changes.
The REST Client is now configured to extract the OAuth access token and token type from the authentication server and store the values in variables. When the smart test template is configured as described in the following section, the suite will be copied to the tests that require authentication when the template is applied.
Creating the Smart Test Template
This section describes how to create the smart test template that will be applied to the tests that require authentication.
- Open the Smart Test Templates view and click Add Template in the tool bar.
- Specify a name and location for the template and click Next. The template must be saved to the TestAssets folder or a subfolder of the TestAssets folder.
- Choose Empty and click Finish.
- Double-click on the Resource Suite and specify a pattern in the Match field. The pattern should identify the endpoints you want the rules to apply to. See Defining Smart API Test Generation Scope for additional information about matching resources.
- Right-click on the Resource Suite and choose Add New > Resource Template.
- Specify any additional pattern-matching logic (for example, REST method or path segment) to identify tests that the template should be applied to. Leave the Match field empty to match all tests matched by the parent Resource Suite.
- Right-click on the Resource Template and choose Add Output...
- Choose Suite > Beginning in the left pane and Test Suite Reference in the right.
- Click Finish and specify the .tst file created in the Configuring the Authentication Source section. If you enable the Persist as relative path option, the path generated in the test suite configuration when the template is applied will be relative to the TestAssets field. You can use the
${project_loc
} variable to reference tests in another project. For example, if the REST Client you created is saved to a project called "auth" and the .tst file has the name "AuthSuite", you could specify${project_loc:auth}/AuthSuite.tst
in the field. When the template is applied, the path to the reference will be correct. - Right-click on the Resource Template again and choose Add Output...
- Choose Request > Transport Header in the left pane and HTTP Header in the right.
Click Finish and add the following header in the Tool Settings section of the HTTP Header tool:
Authorization: ${access_token} ${token_type}
- Save your changes.
Applying the Smart Template
This section describes how to apply the smart test template and address any additional actions you may need to take for the tests you are targeting to authenticate as expected.
Applying the Template to a Single Test
- Right-click on the test and choose Apply Smart Test Template.
- Review the smart test template rules when prompted and click OK.
The Test Suite Reference with the authentication settings will be added to the beginning of the Test Suite containing the test.
Run the Test Suite to verify that it functions as expected. Open the target test and click the HTTP Options. You should see the authorization variables in the HTTP Headers section.
If you did not use the project variable when referencing the source .tst file and the Persist as relative path option is enabled in the smart test template, additional path segments may appear in the generated Test Suite. The paths may need to be removed for your test to properly reference the authentication suite.
Applying the Template to Multiple Tests
- Right-click on the .tst file or parent Test Suite and choose Apply Smart Test Template.
- Review the smart test template rules when prompted and click OK.
The Test Suite Reference with the authentication settings will be added at the beginning of the Test Suites that contain matching test.
Run the Test Suites to verify that they function as expected. Open a target test and click the HTTP Options. You should see the authorization variables in the HTTP Headers section.
If you did not use the project variable when referencing the source .tst file and the Persist as relative path option is enabled in the smart test template, additional path segments may appear in the generated Test Suite. The paths may need to be removed for your test to properly reference the authentication suite.