Applies to ReadyAPI 2.8, last modified on October 18, 2019

This tutorial explains how to enable OAuth 2.0 authorization for a REST request.

To configure OAuth 2.0 authorization, you need to:

  • Create and configure an authorization profile.

  • Retrieve an access token.

1. Add an Authorization Profile

First, you need to add an OAuth 2.0 authorization profile:

  1. Open a REST request.

  2. Open the Auth panel.

    OAuth 2.0: Auth Tab

    Click the image to enlarge it.

  3. Click Add Authorization Profile.

    OAuth 2.0: Adding Authentication Profile

    Click the image to enlarge it.

  4. In the resulting dialog, select the OAuth 2.0 type and enter the profile name. Click OK.

    OAuth 2.0: Add Authentication Dialog

    Click the image to enlarge it.

2. Configure Authorization

After you add the authorization profile, you need to get an access token from the server. In this tutorial, we get it by using the Authorization Code grant type:

  • Expand the Get Access Token drop-down list.

  • Specify the authorization data. For a reference about the required parameters, see the OAuth 2.0 Grant Types section.

  • Click Get Access Token.

    OAuth 2.0: Getting Access Token

ReadyAPI will get the access token from the server and display it in the Access Token field.

OAuth 2.0: Access Token retrieved from server

Click the image to enlarge it.

Configure OpenID Connect

If your web service uses OpenID Connect, you can also retrieve the id_token value from it. You can do this for the following approaches:

The id_token value is sent in different types of parameters. You can manually assign it to any parameter. To do this, first, get it by using a Groovy Script test step with the following code:

def authEntry = context.getCurrentStep().testCase.testSuite.project.getAuthRepository().getEntry("OAuth Profile Name");
def idToken = authEntry.getIdToken();

Then, use property expansions to transfer the token to your requests, for example:

${Groovy Script#idToken}

After You Configure Authorization

OAuth 2.0 tokens can change from time to time. To avoid the need to update them manually, you can configure ReadyAPI to check if a token is up-to-date before sending a request and retrieve the token automatically. For more information about automating token retrieval, see the Automating Token Retrieval section.

See Also

About OAuth 2.0
OAuth 2.0 Grant Types
OpenID Connect Grant Types

Highlight search results