Invoking a secure API endpoint with REST Assured using an OAuth2 access token
Hi all, welcome to another post in my lockdown blog series. I will show how to invoke a secured API endpoint with REST Assured using an OAuth2 access token. For this post, I will be using an application that I have created on [1].
As we all know, OAuth2 is an authorization framework that enables applications to obtain access to user accounts for specific scopes. OAuth2 provides several grant types, such as client_credentials, authorization code, implicit and resource owner password credentials. For this post, I will be using the client_credentials grant type within the REST Assured test.
The discussion below assumes that you have already created an application on [1] and have its client ID and client secret at hand. The first step is to create a Maven project in your favorite IDE. To start working with REST Assured, we first need to add the required dependencies.
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>restAssureProject</groupId>
    <artifactId>training</artifactId>
    <version>1.0</version>
    <dependencies>
        <dependency>
            <groupId>org.hamcrest</groupId>
            <artifactId>hamcrest-all</artifactId>
            <version>1.3</version>
        </dependency>
        <dependency>
            <groupId>org.hamcrest</groupId>
            <artifactId>hamcrest-junit</artifactId>
            <version>2.0.0.0</version>
        </dependency>
        <dependency>
            <groupId>com.jayway.restassured</groupId>
            <artifactId>json-schema-validator</artifactId>
            <version>2.8.0</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/io.rest-assured/rest-assured -->
        <dependency>
            <groupId>io.rest-assured</groupId>
            <artifactId>rest-assured</artifactId>
            <version>4.3.0</version>
            <scope>test</scope>
        </dependency>
        <!-- https://mvnrepository.com/artifact/org.testng/testng -->
        <dependency>
            <groupId>org.testng</groupId>
            <artifactId>testng</artifactId>
            <version>7.1.0</version>
            <scope>test</scope>
        </dependency>
    </dependencies>
</project>
Once the dependencies are added, our first task is to write a method that generates the access token. For this, I will be using the client_id and client_secret generated by the application, with client_credentials as the grant type.
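// Imports for the test class (top of the file):
import io.restassured.RestAssured;
import io.restassured.response.Response;

// Shared by getAccessToken() and the test method; both live in the same test class.
Response response = null;

public String getAccessToken() {
    // Sample values; real credentials should not be committed with the test code.
    response = RestAssured
            .given()
            .formParam("client_id", "test_test")
            .formParam("client_secret", "5fc9cfc6cc2aabc123abc12d12563fg8")
            .formParam("grant_type", "client_credentials")
            .post("http://coop.apps.symfonycasts.com/token");
    // The token endpoint answers with JSON; read the access_token field from it.
    String accessToken = response.jsonPath().get("access_token");
    return accessToken;
}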
As the code above shows, we pass the client_id and client_secret as form parameters along with the grant type and call the token endpoint. The getAccessToken method then reads the access_token from the response and returns it as a String.
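// Additional imports for the test method (top of the file):
import org.testng.Assert;
import org.testng.annotations.Test;

@Test
public void testMethod() {
    String accessToken = getAccessToken();
    // Send the token as an OAuth2 bearer token with the request.
    response = RestAssured
            .given()
            .auth()
            .oauth2(accessToken)
            .post("http://coop.apps.symfonycasts.com/api/817/barn-unlock");
    Assert.assertEquals(response.getStatusCode(), 200);
}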
In the first line of our test method we obtain the access token returned by the getAccessToken method. Next, we call the API endpoint with the barn-unlock scope. Once the POST call is made, the test asserts that the response to the API invocation is a 200.
Hope this post helped you get an idea of how we can use OAuth2 with REST Assured for API test automation.
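A variant of the two methods above that keeps the client secret out of the source file and checks the token response before using it, written as an added example rather than code from the original post. The class name, the environment variable names COOP_CLIENT_ID and COOP_CLIENT_SECRET, and the second test are assumptions made for illustration.

```java
import io.restassured.RestAssured;
import io.restassured.response.Response;
import org.testng.Assert;
import org.testng.annotations.Test;

public class BarnUnlockTokenTest {
    // URLs are the ones used in this post. They are plain http, so the secret and the
    // token travel unencrypted; use an https endpoint where one is offered.
    private static final String TOKEN_URL = "http://coop.apps.symfonycasts.com/token";
    private static final String API_URL = "http://coop.apps.symfonycasts.com/api/817/barn-unlock";

    // Assumption: COOP_CLIENT_ID / COOP_CLIENT_SECRET are variable names chosen for this example.
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    private String getAccessToken() {
        Response tokenResponse = RestAssured.given()
                .formParam("client_id", requireEnv("COOP_CLIENT_ID"))
                .formParam("client_secret", requireEnv("COOP_CLIENT_SECRET"))
                .formParam("grant_type", "client_credentials")
                .post(TOKEN_URL);
        // Fail here, reporting only the status, so a rejected credential is not mistaken
        // for an API failure and neither secret nor token lands in the test report.
        Assert.assertEquals(tokenResponse.getStatusCode(), 200, "token request failed");
        String accessToken = tokenResponse.jsonPath().getString("access_token");
        Assert.assertNotNull(accessToken, "token response has no access_token");
        Assert.assertFalse(accessToken.isEmpty(), "access_token is empty");
        return accessToken;
    }

    @Test
    public void unlockSucceedsWithToken() {
        Response apiResponse = RestAssured.given().auth().oauth2(getAccessToken()).post(API_URL);
        Assert.assertEquals(apiResponse.getStatusCode(), 200);
    }

    @Test
    public void unlockIsRefusedWithoutToken() {
        // Assumption: the page does not state the refusal status, so only "not 200" is checked.
        Response apiResponse = RestAssured.given().post(API_URL);
        Assert.assertTrue(apiResponse.getStatusCode() != 200, "endpoint accepted a call without a token");
    }
}
```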
Reference
[1] http://coop.apps.symfonycasts.com/