Handling Access Token in JMeter

     Most of the people facing the problem of handling Access Toke in JMeter during the performance testing activities. First we will see how the Access Token works?

     When a secured site (HTTPS) is accessed by another site then it requires an Access Token for validation and subsequent communication purpose. The following chain of events occurs in order to Site 1 to access User X’s information on Site 2.

  1. Site 1 registers with Site 2 and obtains a Secret and an ID.
  2. When User X tells Site 1 to access Site 2, User X is sent to Site 2 where it tells Site 2 that the person would indeed like to give Site 1 permissions to specific information.
  3. Site 2 redirects User X back to Site 1, along with an Access Code or Token.
  4. Then Site 1 passes that Access Token along with it’s Secret back to Site 2 in return for a Security Token.
  5. Site 1 then makes requests to Site 2 on behalf of User X by bundling the Security Token along with requests.

     Now, we will see the solution to solve Access Token issue in JMeter by following below steps as part of the correlation activity:

  1. While launching Home (Login page) server generates unique code ID and execution ID. These IDs are sent back as a response of first request (homepage URL)
  2. These IDs need to be captured in two separate RegExs.
  3. The next request contains Username, Password, code ID and execution ID. This request is redirected to the authorization server (to get access token).
  4. The redirected request having access token which needs to be captured in another RegEx.
  5. Add a Regular Expression Extractor post-processor in the request referred in step 3. Give a reference name (say accessToken), select “Field to Check” as “URL” or “Response Header” (as per application) and write the regular expression access_token=([\S]+).
  6. Use this access token (generally passes in request header) wherever is required.
    e.g. Authorization: Bearer ${accessToken}.

I hope you got a basic idea on working of Access Token and handling the Access Token in JMeter.

Ref: PerfMatrix

make it perfect!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: