Most of the people facing the problem of handling Access Toke in JMeter during the performance testing activities. First we will see how the Access Token works?
When a secured site (HTTPS) is accessed by another site then it requires an Access Token for validation and subsequent communication purpose. The following chain of events occurs in order to Site 1 to access User X’s information on Site 2.
- Site 1 registers with Site 2 and obtains a Secret and an ID.
- When User X tells Site 1 to access Site 2, User X is sent to Site 2 where it tells Site 2 that the person would indeed like to give Site 1 permissions to specific information.
- Site 2 redirects User X back to Site 1, along with an Access Code or Token.
- Then Site 1 passes that Access Token along with it’s Secret back to Site 2 in return for a Security Token.
- Site 1 then makes requests to Site 2 on behalf of User X by bundling the Security Token along with requests.
Now, we will see the solution to solve Access Token issue in JMeter by following below steps as part of the correlation activity:
- While launching Home (Login page) server generates unique code ID and execution ID. These IDs are sent back as a response of first request (homepage URL)
- These IDs need to be captured in two separate RegExs.
- The next request contains Username, Password, code ID and execution ID. This request is redirected to the authorization server (to get access token).
- The redirected request having access token which needs to be captured in another RegEx.
- Add a Regular Expression Extractor post-processor in the request referred in step 3. Give a reference name (say accessToken), select “Field to Check” as “URL” or “Response Header” (as per application) and write the regular expression access_token=([\S]+).
- Use this access token (generally passes in request header) wherever is required.
e.g. Authorization: Bearer ${accessToken}.
I hope you got a basic idea on working of Access Token and handling the Access Token in JMeter.
Ref: PerfMatrix
make it perfect!
