Refresh OAuth 2.0 Access Token During Long Load Tests

Applies to ReadyAPI 3.10, last modified on October 07, 2021

In OAuth 2.0 authorization, you use an access token to authorize a request. An access token expires after some time, so you need to refresh it. ReadyAPI can do it automatically, however, when an access token should be updated during a load test, automated refreshing may fail. It happens because a number of virtual users try to get a new access token simultaneously that leads to errors. This topic describes a possible way to refresh an access token during a load test.

Overview

To avoid refreshing an access token by several virtual users, disable automated refreshing. Instead, refresh an access token from a separate scenario that is run by only one virtual user. To refresh an access token in unattended mode, use the Groovy script test step.

1. Disable automated refreshing

To prevent an access token from being automatically refreshed, set the Refresh Access Token advanced option to Manual. You can do it either by using the Auth Manager or the Auth panel:

  1. Open the Auth Manager.

  2. Select the needed profile and click Advanced.

  3. Set the Refresh Access Token to Manual and click OK:

    Click the image to enlarge it.

  1. Open any request that uses the needed authorization profile.

  2. Open the Auth panel and click Advanced.

  3. Set the Refresh Access Token to Manual and click OK:

    Click the image to enlarge it.

2. Create a script

Update the access token by using the Groovy script test step from a separate test case:

  1. Create a new test case:

    Click the image to enlarge it.

  2. Add the Groovy script test step.

    Click the image to enlarge it.

  3. Use the following script to update an access token:

    Groovy

    // Import the required classes
    import com.eviware.soapui.impl.rest.actions.oauth.OltuOAuth2ClientFacade;
    import com.eviware.soapui.support.editor.inspectors.auth.TokenType;
    import com.eviware.soapui.model.support.ModelSupport;

    // Get a project
    def project = ModelSupport.getModelItemProject(context.getModelItem());

    // Get the needed authorization profile
    def authProfile = project.getAuthRepository().getEntry("Ora Bannet");

    //Create a facade object
    def tokenType = TokenType.ACCESS;
    def oAuthFacade = new OltuOAuth2ClientFacade(tokenType);

    // Request an access token in headless mode and assign it to the authorization profile we got earlier
    oAuthFacade.requestAccessToken(authProfile, true, true);

    // Access token retrieval may take time, so we need to pause the execution for 3 seconds to finish it. You may increase this value if needed.
    sleep(3000);

    // Posts a new token to the script log
    log.info("Set new token: " + authProfile.getAccessToken());

    If you are using OAuth 2.0 Azure authorization, replace the OltuOAuth2ClientFacade class in the script with the OltuOAuth2AzureClientFacade class.

3. Create a separate scenario

To run the script only once, you need to run the created test case from a separate scenario that is run by a single virtual user. To do this:

  1. Open a load test and add a new scenario:

    Click the image to enlarge it.

  2. Add the test case containing the Groovy script test step as a new target:

    Click the image to enlarge it.

  3. Select another target in the scenario and click to remove it:

    Click the image to enlarge it.

  4. Set the Load Allocation to Per Scenario:

    Click the image to enlarge it.

  5. Select the created scenario and set VUs to 1. Also, set the Wait time to a significantly big number to avoid the scenario repeats:

    Click the image to enlarge it.

4. Schedule token refreshing

Now, schedule the created scenario to refresh the token slightly before the access token expires.

  1. Open the Scheduler page and select the created scenario.

  2. In the Inspector, specify the following options:

    • Enable the Custom Scheduling option.

    • Set the Delay Before Start option to the value that is slightly smaller than the access token lifetime.

      For example, if your access token expires after 20 minutes, specify 19 minutes.

      Note: Make sure that the process of getting the new token finishes before the old one expires.
      Tip: To change time units, use the Time units option.
    • Set the Duration option to the value smaller than for the Wait Time option of the scenario.

    • Enable the Repeat option:

      Click the image to enlarge it.

Remarks

Please note that the scenario that refreshes an access token runs for the first time only after the value you set in the Delay Before Start. If this value is close to the access token lifetime, the test may fail before the scenario runs for the first time. To avoid this, you should refresh it at the test start. You can do it by using the same Groovy script from the Setup Script or LoadTestRunnerListener.beforeLoadTest event handler.

See Also

Authentication
OAuth 2.0 and OAuth 2.0 (Azure)
Scripting
Scripting for load tests

Highlight search results