When you get an access token, ReadyAPI shows you the login, consent, and other screens. Each screen is basically a web page that you interact with to grant permissions on behalf of the resource owner. In ReadyAPI you can create automation scripts to simulate the needed actions and grant permissions in unattended mode.
How to create automation scripts
You create automation scripts in the Automation editor that you can open either in the Auth Manager or in the Auth panel:
In general, creating automation scripts consists of the following steps:
3. Repeat these steps for all the pages involved in the process.
Inspect web pages
By using a developer mode in any external browser, you need to inspect web pages involved in the authorization process and find objects to interact with:
Create automation scripts
document.getElementById("tbPassword").value = "p@ssw0rd";
How automation works
During the authorization process, the screens are shown in a particular order. For each screen, you create a separate script in the Automation editor. When you get an access token, ReadyAPI shows the screens in the internal browser and runs scripts one by one. The URL change is a signal for ReadyAPI to run the next script. For example, after entering valid credentials, the authorization server shows the second page, on which it asks you whether you grant permission to the client application. The automation script in this case may look like this:
Background redirects may cause the run of the next script, while the page is not in fact changed. Besides that, an authorization server may change the authorization process by adding or skipping pages. For example, when you get an access token for the first time, it asks you to log in, while next time it remembers your account and asks only for a permission. So we recommend that you add the logic to your script that ensures that the script runs on the proper page since ReadyAPI does not detect which page is currently shown.
Follow these links to see the examples of how to configure automation:
Forced token update
By default, ReadyAPI requests a new token only when the old one expires. You can also use scripts to force ReadyAPI to update the token whether it is expired or not.
To do this, you can use the
requestAccessCode method of the OltuOAuth2ClientFacade class that assigns a new access token to the specified authorization profile. See the following script as an example:
// Import the required classes
// Get a project
def project = ModelSupport.getModelItemProject(context.getModelItem());
// Get the needed authorization profile
def authProfile = project.getAuthRepository().getEntry("Ora Bannet");
//Create a facade object
def tokenType = TokenType.ACCESS;
def oAuthFacade = new OltuOAuth2ClientFacade(tokenType);
// Request an access token in headless mode and assign it to the authorization profile we got earlier
oAuthFacade.requestAccessToken(authProfile, true, true);
// Access token retrieval may take time, so we need to pause the execution for 3 seconds to finish it. You may increase this value if needed.
// Posts a new token to the script log
log.info("Set new token: " + authProfile.getAccessToken());
|If you are using OAuth 2.0 Azure authorization, replace the
On headless machines
On headless machines where the browser window is inaccessible, you can use the same approach as described above. However, there are some things you must do first:
Install and run any X Server.
Specify the display number for your X Server (see the documentation of your X Server).
Open the testrunner.sh file in a text editor and add the following line:export DISPLAY=<ip>:<index>
ipThe IP address of the X Server.
indexThe display number you have specified.
Retrieval process exceeds timeout
The default timeout for accessing a new access token is 5 seconds. Usually, it is enough to get a new access token. If your retrieval process takes more time, the automation fails, and the ReadyAPI log contains the following messages:
WARN: OAuth2 access token retrieval timed out after 5000 ms.
ERROR: Exception in request: java.lang.RuntimeException: Unable to refresh expired access token.
The browser will display all the errors returned by the authorization server.