Feature: oauth test using nephos-qe-sec.az.staples.com/oauth

Background:
* url 'https://<<>>/oauth/token'

Scenario: oauth flow
* header Content-Type = 'application/x-www-form-urlencoded'
* configure ssl = true
* form field grant_type = 'client_credentials'
* request 'client_id=<<>>&client_secret=<<>>'
* method post
* status 200
* def accessToken = response.access_token
Getting a 401 error when running this from the Karate framework.
I also tried the following and got a similar error:
* form field client_id = '<<>>'
* form field client_secret = '<<>>'
I want to invoke an API that returns a bearer token (GET method). I can fetch the bearer token successfully using .NET code, but with ADF I get only 'OK' and I see no option to fetch the bearer token.
Example:
ApiUrl = "https://myapi.mysite.org/api/ApiToken?user=u111&password=p111"
If the status code is 'OK', then deserialize the result content to fetch the token.
Sample .NET code I used to fetch the bearer token successfully:
// HttpClient.PostAsync needs a content argument; null sends an empty body
var result = client.PostAsync(ApiUrl, null).Result;
string strRes = result.StatusCode.ToString();
if (strRes == "OK")
{
    // dynamic so that obj.Token resolves at runtime against the parsed JSON
    dynamic obj = Newtonsoft.Json.JsonConvert.DeserializeObject(result.Content.ReadAsStringAsync().Result);
    var token = obj.Token;
}
Use the POST method in the Azure Data Factory web activity to get the access token from an API.
Add the header Content-Type: application/x-www-form-urlencoded and pass the access credentials in the body.
You can refer to link1 & link2 for working examples.
I tried to automate, using the Karate framework, the steps I did in Postman.
How I tried in Postman:
On the Authorization tab select OAuth 2.0
Select Header Prefix Bearer
Grant Type is "Implicit"
I put in the Callback URL
I put in the Auth URL
I put in the Client ID
Select "Client Authentication" as Send as Basic Auth Header.
I used the following code in order to get the access token:
Background:
* url 'Auth URL'
Scenario: Verify the user details using OAuth2 Implicit grant type
* form field callbackurl = 'callbackurl'
* form field grant_type = 'implicit'
* form field client_id = 'client id'
* form field username = 'username'
* form field password = 'password'
* method post
* status 200
* print response
* def accessToken = response.access_token
* path 'resource'
* header Authorization = 'Bearer ' + accessToken
# * param access_token = accessToken
* method post
* status 200
In the output I got:
// UserpoolId is not available on frontend for springboard. We do not use userPoolId
// anyway other than put in context data.
var userPoolId = "";
var clientId = getUrlParameter("client_id");
I do not know where I am wrong. Please provide your help. Thanks!
Been tasked to export forms and items from Podio using the API. Trying to do this with straight Python and Requests instead of the canned API tool. Am successful at retrieving the access and refresh tokens, but am unable to make the simplest GET request. The response has the error:
"error_description":"Authentication as None is not allowed for this method"
Tried this with two ways of using OAuth2 in Requests; both return that response.
What is it trying to tell me? Aside from giving the token, are there any other authentication attributes required?
import requests
from oauthlib.oauth2 import BackendApplicationClient
from requests_oauthlib import OAuth2Session

# CLIENT_ID, CLIENT_SECRET, auth_url and base_url are set elsewhere in the script

# Version 1: let the OAuth2Session attach the bearer token itself
client = BackendApplicationClient(client_id=CLIENT_ID)
oauth = OAuth2Session(client=client)
token = oauth.fetch_token(token_url=auth_url, client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET)
print('token:', token)
access_token = token["access_token"]
api_url = base_url + 'user/status'
r = oauth.get(api_url)
print(r.text)

# Version 2: plain requests with an explicit Authorization header
headers = {'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
           "Authorization": "Bearer " + token["access_token"]}
response = requests.get(api_url, headers=headers, verify=True)
print(response.text)
Here is the full response:
{"error_parameters":{},"error_detail":null,"error_propagate":false,"request":{"url":"http://api.podio.com/user/status","query_string":"","method":"GET"},"error_description":"Authentication as None is not allowed for this method","error":"forbidden"}
How to generate an OAuth 2.0 token via Karate.
How we have tried in Postman:
On the Authorization tab select OAuth 2.0
Select Header Prefix Bearer
Grant Type is "Authorization Code"
Callback URL is selected; when we click submit it redirects to a browser where we have to enter credentials, and once the user is validated the browser redirects back to Postman
Add "Auth URL" and "Access Token URL"
Enter "Client ID" and "Client Secret"
Select "Client Authentication" as Send as Basic Auth Header.
Postman then redirects to a browser where we enter username and password, and once authenticated it redirects the user back to Postman with the access token.
Question:
When we provide grant_type as "authorization code" in Karate we get the error {"error":"unsupported_grant_type","error_description":"Unsupported grant_type"}. What should we provide here? When we provide "password" we get a 401, and when we provide "authorization code" we get a 400.
Secondly, can we automate a scenario where a browser is invoked and we have to enter credentials? Can we achieve that via Karate, since we then have to store the token and pass it to the APIs?
Background:
* url 'http://localhost:8080/pathdetails'
Scenario: get all users and then get the first user by id
* path 'token'
* form field grant_type = 'authorization code'
* form field client_id = 'ourapiclient'
* form field client_secret = '324243324-3334-334-343-3432423424'
* method post
* status 200
* def accessToken = response.access_token
EDITED:
I have now tried to send an API request to the Auth URL, which redirects to the browser and returns an HTML page.
Given url 'http://localhost:8080/myurlpath/auth'
* form field response_type = 'code'
* form field client_id = 'abcc'
* form field scope = 'openconnect'
* form field redirect_uri = 'http://localhost:8080/redirecturlpath'
* form field state = 'cEY3R-YfsoM9232diS72COdHTA8uPv9K49pjZaPag5M.8akinzwobn8.abcd4'
* method get
* status 200
* print 'Response is........',response
This returned an HTML page which is exactly the same page I see when I send the request from Postman. How do I now enter the username and password in Karate on this HTML page, since the page was returned as the response of the above API?
I was expecting the above to return a code, after which I would call the token endpoint, but instead it redirected me to the page where I enter username and password; once that succeeds it redirects back to Postman, and in the URL I can see the code as well.
curl --request POST \
--url 'https://YOUR_DOMAIN/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=authorization_code \
--data 'client_id=YOUR_CLIENT_ID' \
--data client_secret=YOUR_CLIENT_SECRET \
--data code=YOUR_AUTHORIZATION_CODE \
--data 'redirect_uri=https://YOUR_APP/callback'
How do I get the code which is needed by the token API?
I tried calling the Auth API as below, but no code or token was returned in the response.
Given driver 'http://localhost:8080/myurlpath/auth?scope=openconnect&state=cEY3R-YfsoM9232diS72COdHTA8uPv9K49pjZaPag5M.8akinzwobn8.abcd4&response_type=code&client_id=abcc&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fauth%2Fmyurlpath'
* fullscreen()
And input('#username', 'username')
And input('#password', 'password')
When click('#login')
The above doesn't return any error, but it doesn't return the code I am looking for either.
@Maddy To see the grant types you need access to Auth0, or ask your devs to tell you which grants are implemented; here you can read more:
https://auth0.com/docs/configure/applications/application-grant-types
And here you can read how to implement the authorization-code flow:
https://auth0.com/docs/login/authentication/add-login-auth-code-flow
To make your life easier you could ask the devs to implement the password-realm grant, but this is not recommended.
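The part of the authorization-code flow the question above is missing is what happens after the browser login: the server redirects to redirect_uri with code and state in the query string, the client checks that state is the one it sent, and only then trades the code for a token with a POST like the curl shown earlier. The following is an added example, not code from the question, Auth0 or Karate; the token endpoint, client secret, and the redirect URL it parses are constructed placeholders, and the grant_type value uses an underscore, which is why 'authorization code' with a space gave unsupported_grant_type.

```python
import base64
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders (same host as the question, endpoint path assumed)
TOKEN_URL = "http://localhost:8080/myurlpath/token"
REDIRECT_URI = "http://localhost:8080/redirecturlpath"


def extract_code(redirect_url, expected_state):
    """Pull the authorization code out of the URL the browser landed on.

    Refuses the code when the state does not match the one we generated
    (protects against a code injected by someone else's login) or when the
    server sent back an error instead of a code."""
    q = parse_qs(urlparse(redirect_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect was not produced by our request")
    if "error" in q:
        raise ValueError("authorization failed: " + q["error"][0])
    if "code" not in q:
        raise ValueError("redirect carried no code")
    return q["code"][0]


def build_token_request(code, client_id, client_secret):
    """Build the POST that exchanges the code for tokens.

    Client authentication goes in a Basic header (Postman's 'Send as Basic
    Auth Header'); the body carries the grant, the code and the same
    redirect_uri that was used in the authorize request."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code",  # underscore, not a space
                      "code": code,
                      "redirect_uri": REDIRECT_URI})
    return TOKEN_URL, headers, body


if __name__ == "__main__":
    # Constructed redirect, as the browser would land on it after a login.
    state = "cEY3R-YfsoM9232diS72COdHTA8uPv9K49pjZaPag5M.8akinzwobn8.abcd4"
    landed = REDIRECT_URI + "?code=SplxlOBeZQQYbYS6WxSbIA&state=" + state
    code = extract_code(landed, state)
    url, headers, body = build_token_request(code, "abcc", "placeholder-secret")
    print(url, headers, body, sep="\n")
```

In a Karate UI test the redirect URL is whatever the driver ends up on after the login click, so that value is the input to extract_code.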
Here is how I rectified one case of OAuth 2.0 token generation:
* def cid = 'client_id'
* def csec = 'token_secret'
* def AuthCode = Java.type('com.test.qa.aut.authCode')
* print AuthCode.Code(cid, csec)
* def authentication = 'Basic ' + AuthCode.Code(cid, csec)
* print authentication
* url 'https://acpint.online.com/default/np/oauth2/'
* header Authorization = authentication
And header Content-Type = 'application/x-www-form-urlencoded; charset=utf-8'
* form field grant_type = 'client_credentials'
Then method post
And status 200
Then print response
Java class:
package com.test.qa.aut;

import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class authCode {
    // Returns the base64 of "clientId:clientSecret", the value that follows
    // "Basic " in the Authorization header for client authentication
    public static String Code(String clientId, String clientSecret) {
        String auth = clientId + ":" + clientSecret;
        String authentication = Base64.getEncoder()
                .encodeToString(auth.getBytes(StandardCharsets.UTF_8));
        return authentication;
    }
}
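The client_credentials exchange in the answer above, and the 401 in the first question on this page, both come down to where the client authenticates. The following is an added example, not the answer's own code: the same Basic header the Java class builds, plus a small in-process stand-in for a token endpoint that only accepts HTTP Basic client authentication, so it runs offline and shows how such a server answers when client_id and client_secret are sent only in the body (one likely reason for that 401). The registered client, its secret and the token value are constructed placeholders.

```python
import base64
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed: what the stand-in server knows (client id taken from the question)
REGISTERED = {"ourapiclient": "placeholder-secret"}


def basic_header(client_id, client_secret):
    """Same value the Java authCode.Code() above produces, with the scheme prefix."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode()


def token_endpoint(headers, body):
    """Stand-in for POST /oauth/token: checks Basic client auth, then the grant."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return 401, {"error": "invalid_client"}       # no header -> 401, whatever the body says
    try:
        cid, _, sec = base64.b64decode(auth[6:]).decode("utf-8").partition(":")
    except Exception:
        return 401, {"error": "invalid_client"}
    # constant-time compare so a wrong secret does not leak how many bytes matched
    if not hmac.compare_digest(REGISTERED.get(cid, ""), sec):
        return 401, {"error": "invalid_client"}
    form = parse_qs(body)
    if form.get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}
    return 200, {"access_token": "constructed-token", "token_type": "bearer", "expires_in": 4319}


def fetch_token(client_id, client_secret, send_basic=True):
    """Client side: credentials in the header (send_basic), or body-only as in the first question."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials"}
    if send_basic:
        headers["Authorization"] = basic_header(client_id, client_secret)
    else:
        form.update(client_id=client_id, client_secret=client_secret)
    status, payload = token_endpoint(headers, urlencode(form))
    return status, payload.get("access_token")


if __name__ == "__main__":
    print(fetch_token("ourapiclient", "placeholder-secret"))                    # (200, 'constructed-token')
    print(fetch_token("ourapiclient", "placeholder-secret", send_basic=False))  # (401, None)
```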
I get a JSON response from a POST request:
{
"access_token": ".u9H5YgCCoMJHTW6SgVMxJe2aUEGHpMBbUf1456Gkj28",
"token_type": "bearer",
"expires_in": "4319",
"scope": "READ "
}
I want to take this access token and pass it in another GET API request, as follows:
And header Authorization = token
What I did:
first POST API
* def response.access_token = token
Given url ''
And header Authorization = token
This is not working.
I think you got confused with the syntax; both of the below will work:
And header Authorization = response.access_token
or:
* def token = response.access_token
And header Authorization = token