Capturing Authorization Tokens from Json
For authorization purposes it's possible to capture authorization tokens from a JSON response and then make it available to subsequent requests processed in a session.
- Global Session Configuration Authorization Header Override
- Per User Token Capture and Storage for each Request
Bearer tokens are often generated as part of an authentication request. For the purposes of this topic I'll use a request like this with a token named
token in the JSON response:
It's possible to use a Session Wide Override for the
Authorization header that is applied to every request that has an Authorization header:
You can override this value with:
- Manually by copying the token and pasting it into the Session Configuration
- Automatically using
A very simple way that you can set a static Authorization header is to run a request that generates an authorization token. Run the request, and then manually copy the token to the clipboard. Then paste the cookie into the Replace Authorization Session Configuration.
Once set you can now run your requests and requests should succeed as long as the token is valid.
This manual testing works well if you are stress testing purely for load, and don't care about specific individual users. Because it's static it's quick and reliable as you know exactly what's being sent. But it requires manual fixing each time you set up and run your tests
Rather than manually capturing the token, you can explicitly capture the token and store it into the Session Configuration by using the following WebSurge custom header:
This captures the token property from a JSON response and writes a Bearer token value into the
Override Cookie Value Session configuration automatically.
Because the value has been set on the Session it's now available to all requests and users and is automatically applied to any request that has an
The above is Session Specific meaning it applies to all requests for all Users that are executed. This works if you don't care about separating specific users. If all users can use the same authorization this is the quickest and easiest way to apply authentication across all requests.
If you need more control and per user tokens you can use per user authorization token capture and injection. Rather than storing the captured token in the semi-global Session configuration, the token is stored on the User's Http Context. Each user then gets a unique token that is used for each session that is tied to that user.
To do this:
WebSurge-Request-CaptureJsonTokento capture a request token
WebSurge-Request-InjectJsonTokento inject the captured token into target requests
WebSurge-Request-InjectJsonBearerToken the captured token is stored as an individual value in User Storage, so each user that is configured or automatically generated gets its own unique copy of the the token. This allows you to capture and inject different token for each user simulating unique users.
To create a token use this header on the Authentication request that produces a token. The following assumes it's looking at a JSON property called
To use the token you apply it on a request that requires the bearer token for authentication. Typically these will be update requests but may be any and all requests in an application.
To apply it to a request you'd use:
This injects the captured token named
token into the Authorization header as
Authorization: Bearer <token>
Make sure that you don't have the Replace Cookie Value setting in the Session configuration set to a fixed token value as this will always override override an explicit, or injected authorization header.
Comment or report problem with topic