How to do a OAuth 2.0 authentication in JMeter?

Asked 24/1, 2017 at 1:57 Answered 4/9, 2019 at 15:0

Solved azure authentication oauth-2.0 jmeter jmeter-plugins

I'm trying to Functional test a few APIs that need to be authenticated (OAuth 2.0) and simulate this in JMeter.

I'm trying to authenticate the OAuth service for Azure cloud. Has anyone out there been able to successfully create JMeter HTTP requests to authenticate against OAuth 2.0?

Knickerbockers answered 24/1, 2017 at 1:57 Comment(1)

this link might help you blogs.quovantis.com/… – Flimsy 8/8, 2019 at 23:43

Basically you need to add HTTP Header Manager to send Authorization header with the value of Bearer ${ACCESS_TOKEN} in order to make authenticated OAuth API calls.

Access token can be obtained in 2 major ways:

Get it somehow (ask for it, capture it using sniffer tool and application which you need to simulate, etc), but be aware that OAuth access tokens have limited life span (1 hour by default, this applies to point 2 as well)
Implement OAuth2 flow in your test, i.e. :
- Authenticate (providing Client ID and Tenant ID)
- Authorise (using Client ID and the code from the previous step)
- Get Access token (providing Authorization code from previous step, code from first step, and Client ID

In regards to implementing option 2 - it will require 3 separate JMeter samplers (or alternatively you can get the access token programmatically via JSR223 Sampler)

References:

Birdwatcher answered 24/1, 2017 at 5:12 Comment(3)

Firstly thank you for consolidating this information. I was trying to avoid the entire hassle of having to manually do this. Anyhow I have been successfully able to get through the Authentication, Authorisation and now while trying to get the Access token I receive this misleading error: "AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.." error_codes=70002, 50012 On face value I would believe this would be an incorrect client_secret however after checking multiple times (leading or trailing spaces) I do not have success. Any leads? – Knickerbockers 25/1, 2017 at 2:24

How to get authentication token using jmeter? – Goggles 27/6, 2021 at 4:54

I mean for multiple users – Goggles 27/6, 2021 at 5:2

As a part of API Test automation, we did created native client ID, assign the required resources to native client.

All you need adal4j-1.6.X.jar

public static AuthenticationResult getAuthToken(String username, String password, 
String clientId, String authority, String tenant, String urii) throws Throwable {

    AuthenticationContext context = null;
    AuthenticationResult result = null;
    ExecutorService service = null;

    crypToUtil td= new crypToUtil();
    crypToUtil cryptoUtil = new crypToUtil(); 

    password = cryptoUtil.decrypt(password);

    try {

        service = Executors.newFixedThreadPool(1);
        context = new AuthenticationContext(authority + tenant + "/", true,service);
        Future<AuthenticationResult> future = context.acquireToken(urii, clientId, username, password,null);
        result = future.get();                

    } catch (ExecutionException | MalformedURLException e) {

        throw e.getCause();

    } finally {

        service.shutdown();

    }

    if (result == null) {

        throw new ServiceUnavailableException("authentication result was null, could be your input data were wrong ...");

    }

    return result;

}

Gravelblind answered 4/9, 2019 at 15:0 Comment(0)

Recommended topics

Hot tags