OAuth Automation Sample (Using Azure Active Directory)

Applies to ReadyAPI 3.7, last modified on April 08, 2021

This tutorial shows you how to create an automation token retrieval using the example of Google OAuth.

Prerequisites

To create automation, you must configure the OAuth 2.0 authorization since these settings are used in the automation process.

Enabling OAuth 2.0 Authentication with Azure Active Directory

Preparation

Open any client application in a browser

To start creating automation, you need to analyze the login and consent screens in any browser that provides development tools (for example Chrome, Safari, Firefox, and so on).

To do it, you can go through the process of getting an access token by using any client application that runs in a suitable browser. Providers may also offer a playground to test an authorization process, so you can use it to explore the login and consent screens without using a client application.

In this tutorial, we will log in to the Microsoft account:

  1. Open Microsoft account portal:

    https://account.microsoft.com/

  2. Click Sign In.

Open the automation script dialog

You can open the automation editor either in the Auth Manager or in the Auth panel:

In the Auth Manager

In the Auth panel

1. Login input

At this step, we will explore the login page and create a script that simulates a login input.

  1. Right-click the login text box and select Inspect (or a similar menu item in your browser):

    Click the image to enlarge it.

  2. The browser shows the HTML element related to the input field. To interact with the element from the script, we need to get it. In our case, we can use the getElementById method, so we need the id attribute of the element:

    Click the image to enlarge it.

    The JavaScript code that enters the needed login to the input element may look like this:

    JavaScript

    document.getElementById('i0116').value = 'john.smith@hotmail.com';
  3. Now, we need to emulate clicking the Next button.

    Right-click the button, select Inspect, and find the id attribute of the button element - idSIButton9:

    Click the image to enlarge it.

    To click the button, you can use the following code:

    JavaScript

    document.getElementById('idSIButton9').click();
  4. If you test these commands in the browser’s console, you will get an error:

    Click the image to enlarge it.

    It happens because the form cannot “see” the text you set. Since the Azure login screen uses the knockout.js library, we can use it to enter the text:

    JavaScript

    ko.dataFor(document.getElementById('i0116')).usernameTextbox.value('john.smith@hotmail.com');

    The login or consent screens may use another set of libraries. You need to investigate the page source to find a suitable solution.

  5. Enter the needed code in the Page 1 section of the ReadyAPI Automation script panel:

    Click the image to enlarge it.

2. Enter password

On the next page, we need to input a password. Use the same approach to get the needed elements and simulate the required actions:

  1. Right-click the password field and select Inspect. As in the previous step, we will use the id attribute to find the element:

    Click the image to enlarge it.

    To enter the password, we need to use the same approach as the one we use on the login screen:

    JavaScript

    ko.dataFor(document.getElementById('i0118')).passwordTextbox.value('p@ssw0rd');
  2. Right-click the Next button and select Inspect. As you can see, the ID is the same as the one on the login screen.

    Use the same code to click the button:

    JavaScript

    document.getElementById('idSIButton9').click();
  3. Enter the needed code in the Page 2 section of the ReadyAPI Automation script panel:

    Click the image to enlarge it.

3. Test automation

If you run the script now, it cannot get an access token. When ReadyAPI runs the script from the Page 1 section, the page is not loaded. Instead, it is redirected to the other page, so when the actual page is loaded, ReadyAPI runs the script from the Page 2 section. Besides that, Azure asks for the login and password on the same page, so you need to insert both scripts into the Page 2 section. You can use the following script to get an access token:

JavaScript

//This function enters the login
function login() {
    ko.dataFor(document.getElementById('i0116')).usernameTextbox.value('john.smith@hotmail.com');
    document.getElementById('idSIButton9').click();
}

//This function enters the password
function password() {
    ko.dataFor(document.getElementById('i0118')).passwordTextbox.value('p@ssw0rd');
    document.getElementById('idSIButton9').click();
}

//Runs the login function after 1 second
setTimeout(login, 1000);

//Runs the password function after 3 seconds
setTimeout(password, 3000);

Click to test the automation:

Click the image to enlarge it.

Remarks

  • Depending on your Azure Active Directory settings, there can be one more page that asks if a user wants to remain signed in. In this case, you need to modify your script to click the needed button, or disable this setting.

    How to disable the setting

  • ReadyAPI performs authorization in the internal browser and does not store cookies. So, each time ReadyAPI runs automation, the authorization process is not changed. However, if the authorization server changes the process on its own end, your script may stop working.

  • Background redirects may trigger a run of the next script in the list, while the page is not in fact changed. We recommend that you add logic to your script that waits for the needed elements.

See Also

Automating Token Retrieval

Highlight search results