How to use oAuth commands for different grant types
The examples in this article show how to use the different OAuth commands for each grant type used when implementing the services and/or UI of the application under test (AUT).
To demonstrate these commands and how to use them for the various OAuth implementations, I will use the services made available by SymfonyCasts. You can find these at http://coop.apps.symfonycasts.com/. If you would like to practice, you will first need to create an account for yourself so that you can generate a clientId and clientSecret, which are required to proceed with the examples provided in the following
Grant Type :: Authorization Code:
The Authorization Code flow for OAuth 2.0 is typically targeted at web applications that have a server-side component, which allows the client secret for the authorization server to be kept secret (a confidential client). This example shows how to access a service endpoint that is secured with OAuth using this grant type.
The first step is to log in to the application with your credentials and then set the context before accessing the endpoint. This way, when the endpoint is accessed you are only required to give your consent.
Solution:
# | Command | Target | Value |
---|---|---|---|
Steps 1 thru 8 are used to open symfonycasts and authenticate yourself | |||
1 | open | http://coop.apps.symfonycasts.com/ | |
2 | waitForVisible | link=Login | |
3 | click | link=Login | |
4 | waitForVisible | css=body > div.container | |
5 | type | id=form-email | tripodtestmail@yopmail.com |
6 | type | id=form-password | ************* |
7 | click | css=button.btn.btn-primary | |
8 | waitForVisible | link=The Coop's API | |
Commands 9 thru 18 are a block of commands used to set the grant type and provide the required inputs | |||
9 | wsBlockOpen | ||
Set the authentication type to oauth or oauth 2.0 for services that require oauth authentication | |||
10 | wsAuthenticationType | oauth | |
Set the grant type to 01 for Authorization Code Grant | |||
11 | setGrantTypeForOAuth | 01 | |
Set the client credentials: client id and client secret. These details are provided by the authorization server when you register your application | |||
12 | setClientIdForOAuth | TripodOAuthTest | |
13 | setClientSecretForOAuth | ***************************** | |
Set the authorization endpoint URL that provides the temporary code that will be used to generate the access token | |||
14 | setAuthorizationURLForOAuth | http://coop.apps.symfonycasts.com/authorize | |
Set the token endpoint URL that provides the access token | |||
15 | setAccessTokenURLForOAuth | http://coop.apps.symfonycasts.com/token | |
Give the scope(s) to which the client application will have access. Multiple scopes can be provided by separating them with a space | |||
16 | setScopeForOAuth | barn-unlock | |
Set how the client credentials are sent to the token endpoint URL. Two options are supported: a Basic authentication header, or as part of the body. | |||
The valid value is Basic. The default is to send them as part of the body | |||
17 | setClientAuthenticationForOAuth | Basic | |
Set the redirect URL to which the client application is redirected after the authorization endpoint URL succeeds | |||
18 | setRedirectURLForOAuth | https://www.amazon.com | |
Set the locator of the accept button that the user is shown while getting the code from the authorization endpoint URL | |||
19 | setAuthorizeLocatorForOAuth | link=Yes, I Authorize This Request | |
Set the http method for the endpoint URL under test | |||
20 | wsSetRequestMethod | POST | |
Set the endpoint URL | |||
21 | wsSetRequestURL | http://coop.apps.symfonycasts.com/api/3515/barn-unlock | url |
22 | wsExecuteRequest | ${url} | response |
23 | wsBlockEnd |
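The three HTTP steps that the block above drives through the browser and the token endpoint, written out as an added Python example (not Worksoft SaaS code and not part of the original page). It uses the client id, endpoints, scope and redirect URL from the table; the client secret is a placeholder, the redirect URL fed to `parse_redirect` is constructed, and the function names are my own. It also shows the two ways of sending client credentials that `setClientAuthenticationForOAuth` switches between (Basic header vs. form body), and checks the `state` value on the redirect so a code from a different request cannot be exchanged in this session.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values copied from the example table above; the client secret is a
# placeholder, not a real credential.
AUTHORIZE_URL = "http://coop.apps.symfonycasts.com/authorize"
TOKEN_URL = "http://coop.apps.symfonycasts.com/token"
CLIENT_ID = "TripodOAuthTest"
CLIENT_SECRET = "REPLACE_WITH_CLIENT_SECRET"
REDIRECT_URI = "https://www.amazon.com"
SCOPE = "barn-unlock"


def new_state() -> str:
    """Unguessable per-request value the client keeps in the user's session
    and checks again on the redirect, so a code injected from another
    request cannot be exchanged here."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str) -> str:
    """Step 1: the URL the user agent is sent to at the authorization
    endpoint; the consent page ('Yes, I Authorize This Request') lives there."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Step 2: the authorization server redirects back with ?code=...&state=...
    Reject error responses and any redirect whose state does not match."""
    query = parse_qs(urlsplit(redirect_url).query)
    if "error" in query:
        raise RuntimeError("authorization failed: " + query["error"][0])
    received_state = query.get("state", [""])[0]
    if not secrets.compare_digest(received_state, expected_state):
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "code" not in query:
        raise ValueError("redirect carries no authorization code")
    return query["code"][0]


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """HTTP Basic client authentication: 'Basic base64(id:secret)'."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(code: str, client_auth: str = "body"):
    """Step 3: the POST to the token endpoint that trades the code for an
    access token. client_auth='Basic' sends the client credentials in the
    Authorization header; any other value sends them in the form body,
    matching the page's default."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must equal the one used in step 1
        "client_id": CLIENT_ID,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_auth.lower() == "basic":
        headers["Authorization"] = basic_auth_header(CLIENT_ID, CLIENT_SECRET)
    else:
        form["client_secret"] = CLIENT_SECRET
    return TOKEN_URL, headers, urlencode(form)


if __name__ == "__main__":
    state = new_state()
    print(build_authorize_url(state))
    # Constructed redirect, as the browser would receive it after consent.
    code = parse_redirect(f"{REDIRECT_URI}/?code=SplxlOBeZQQYbYS6WxSbIA&state={state}", state)
    print(build_token_request(code, "Basic"))
```

With `client_auth="Basic"` the secret never appears in the request body, which is the setting the table uses; with the default it is a `client_secret` form field. Either way the exchange happens over the back channel from the server-side component, which is what makes this a confidential client.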
Grant Type :: Authorization Code with PKCE:
PKCE adds one more security layer to the authorization code flow in OAuth and OpenID Connect. It is mainly useful for client-side applications and other web apps that cannot rely on a client secret; it replaces the static secret used in the authorization code flow.
The example above is reused here with a small variation: extra commands are added for PKCE. Check steps 21 & 22, where the two additional PKCE commands are used.
Solution:
# | Command | Target | Value |
---|---|---|---|
Steps 1 thru 8 are used to open symfonycasts and authenticate yourself | |||
1 | open | http://coop.apps.symfonycasts.com/ | |
2 | waitForVisible | link=Login | |
3 | click | link=Login | |
4 | waitForVisible | css=body > div.container | |
5 | type | id=form-email | tripodtestmail@yopmail.com |
6 | type | id=form-password | ************* |
7 | click | css=button.btn.btn-primary | |
8 | waitForVisible | link=The Coop's API | |
Commands 9 thru 18 are a block of commands used to set the grant type and provide the required inputs | |||
9 | wsBlockOpen | ||
Set the authentication type to oauth or oauth 2.0 for services that require oauth authentication | |||
10 | wsAuthenticationType | oauth | |
Set the grant type to 02 for Authorization Code Grant with PKCE | |||
11 | setGrantTypeForOAuth | 02 | |
Set the client credentials: client id and client secret. These details are provided by the authorization server when you register your application | |||
12 | setClientIdForOAuth | TripodOAuthTest | |
13 | setClientSecretForOAuth | ***************************** | |
Set the authorization endpoint URL that provides the temporary code that will be used to generate the access token | |||
14 | setAuthorizationURLForOAuth | http://coop.apps.symfonycasts.com/authorize | |
Set the token endpoint URL that provides the access token | |||
15 | setAccessTokenURLForOAuth | http://coop.apps.symfonycasts.com/token | |
Give the scope(s) to which the client application will have access. Multiple scopes can be provided by separating them with a space | |||
16 | setScopeForOAuth | barn-unlock | |
Set how the client credentials are sent to the token endpoint URL. Two options are supported: a Basic authentication header, or as part of the body. | |||
The valid value is Basic. The default is to send them as part of the body | |||
17 | setClientAuthenticationForOAuth | Basic | |
Set the redirect URL to which the client application is redirected after the authorization endpoint URL succeeds | |||
18 | setRedirectURLForOAuth | https://www.amazon.com | |
Set the locator of the accept button that the user is shown while getting the code from the authorization endpoint URL | |||
19 | setAuthorizeLocatorForOAuth | link=Yes, I Authorize This Request | |
Set the http method for the endpoint URL under test | |||
20 | wsSetRequestMethod | POST | |
Set the code verifier that will be used to generate the code challenge based on the algorithm given in setCodeChallengeMethodForOAuth. | |||
This is an optional command. If it is not used, Worksoft SaaS automatically generates the code verifier and code challenge based on the algorithm given in setCodeChallengeMethodForOAuth. | |||
21 | setCodeVerifierForOAuth | *********************************************** | |
Set the code challenge method to specify the algorithm used to generate the code challenge. | |||
Valid values are sha-256 and plain | |||
This is also an optional command; if it is not provided, plain is used as the default algorithm | |||
22 | setCodeChallengeMethodForOAuth | sha-256 | |
Set the endpoint URL | |||
23 | wsSetRequestURL | http://coop.apps.symfonycasts.com/api/3515/barn-unlock | url |
24 | wsExecuteRequest | ${url} | response |
25 | wsBlockEnd |
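What the two PKCE commands stand for, as an added Python example (not Worksoft SaaS code and not from the original page): the client generates a random code verifier, derives the code challenge with the chosen method, sends the challenge with the authorization request and the verifier with the token request, and the authorization server recomputes the challenge to confirm both requests came from the same client. The page's method names `sha-256` and `plain` are mapped here to the RFC 7636 wire values `S256` and `plain`; RFC 7636 recommends `S256` whenever the client can compute a SHA-256 hash, since a `plain` challenge is the verifier itself. Function names are my own; the test vector in `__main__` is the one published in RFC 7636 Appendix B.

```python
import base64
import hashlib
import secrets


def b64url_nopad(raw: bytes) -> str:
    """base64url without '=' padding, the encoding RFC 7636 specifies."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Fresh verifier per authorization request: 32 random bytes give a
    43-character string from the unreserved alphabet RFC 7636 allows."""
    return b64url_nopad(secrets.token_bytes(32))


def wire_method(method: str) -> str:
    """Translate the page's setting into the code_challenge_method value."""
    if method.lower() in ("sha-256", "sha256", "s256"):
        return "S256"
    if method.lower() == "plain":
        return "plain"
    raise ValueError("unsupported code_challenge_method: " + method)


def code_challenge(verifier: str, method: str = "plain") -> str:
    """Derive the challenge the client sends to the authorization endpoint."""
    if not 43 <= len(verifier) <= 128:
        raise ValueError("code_verifier must be 43..128 characters")
    if wire_method(method) == "S256":
        return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier


def authorize_extra_params(verifier: str, method: str) -> dict:
    """Parameters added to the /authorize request (setCodeChallengeMethodForOAuth)."""
    return {
        "code_challenge": code_challenge(verifier, method),
        "code_challenge_method": wire_method(method),
    }


def token_extra_params(verifier: str) -> dict:
    """Parameter added to the /token request (setCodeVerifierForOAuth)."""
    return {"code_verifier": verifier}


def server_verify(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """What the authorization server does at /token: recompute the challenge
    from the presented verifier and compare it in constant time with the
    one stored alongside the issued code."""
    try:
        expected = code_challenge(presented_verifier, stored_method)
    except ValueError:
        return False
    return secrets.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    # RFC 7636 Appendix B test vector.
    verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    print(code_challenge(verifier, "sha-256"))  # E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
    params = authorize_extra_params(new_code_verifier(), "sha-256")
    print(params)
```

When `setCodeVerifierForOAuth` is omitted, the tool generates the verifier for you, which is the normal case; supplying one explicitly is mainly useful for a negative test that presents the wrong verifier at the token endpoint and confirms the server rejects the exchange, which `server_verify` models.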
Grant Type :: Client Credentials:
Typically the Client Credentials grant is used when an application requests an access token to access its own resources, not on behalf of a user.
The following example shows how to implement test scripts in Worksoft SaaS to support this grant type. The example is built on the same endpoint on the symfonycasts.com website.
Solution:
# | Command | Target | Value |
---|---|---|---|
Connect to web services using the wsCONNECT commands. Open a wsBlock to access the services | |||
1 | wsBlockOpen | ||
Set the authentication type to oauth or oauth 2.0 for services that require oauth authentication | |||
2 | wsAuthenticationType | oauth | |
Set the grant type to 03 for the Client Credentials Grant Type | |||
3 | setGrantTypeForOAuth | 03 | |
Set the client credentials: client id and client secret. These details are provided by the authorization server when you register your application | |||
4 | setClientIdForOAuth | TripodOAuthTest | |
5 | setClientSecretForOAuth | ***************************** | |
Set the authorization endpoint URL that provides the temporary code that will be used to generate the access token | |||
6 | setAuthorizationURLForOAuth | http://coop.apps.symfonycasts.com/authorize | |
Give the scope(s) to which the client application will have access. Multiple scopes can be provided by separating them with a space | |||
7 | setScopeForOAuth | barn-unlock | |
Set how the client credentials are sent to the token endpoint URL. Two options are supported: a Basic authentication header, or as part of the body. | |||
The valid value is Basic. The default is to send them as part of the body | |||
8 | setClientAuthenticationForOAuth | Basic | |
Set the http method for the endpoint URL under test | |||
9 | wsSetRequestMethod | POST | |
Set the endpoint URL | |||
10 | wsSetRequestURL | http://coop.apps.symfonycasts.com/api/3515/barn-unlock | url |
11 | wsExecuteRequest | ${url} | response |
12 | wsBlockEnd |
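The client credentials grant has no browser leg at all: the block above reduces to one POST to the token endpoint followed by the call to the protected endpoint. The added Python example below (not Worksoft SaaS code and not from the original page) builds that request with the credentials in the form body (the page's default for `setClientAuthenticationForOAuth`) and then validates a token response before a test script would use it: it rejects error payloads and non-bearer tokens, confirms every requested scope was granted, and records an absolute expiry so a later call can tell a stale token from a fresh one. The token response in `__main__` is constructed, the client secret is a placeholder, and the function names are my own.

```python
import json
import time
from urllib.parse import urlencode

# Values copied from the example table above; the client secret is a placeholder.
TOKEN_URL = "http://coop.apps.symfonycasts.com/token"
CLIENT_ID = "TripodOAuthTest"
CLIENT_SECRET = "REPLACE_WITH_CLIENT_SECRET"
SCOPE = "barn-unlock"


def build_client_credentials_request():
    """The whole grant is one POST to the token endpoint: no user, no consent
    page. Credentials travel in the form body here; a Basic Authorization
    header is the alternative the table selects with 'Basic'."""
    form = {
        "grant_type": "client_credentials",
        "scope": SCOPE,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, urlencode(form)


def parse_token_response(body: str, requested_scope: str, now: float) -> dict:
    """Validate the JSON token response before the script relies on it."""
    data = json.loads(body)
    if "error" in data:
        raise RuntimeError("token endpoint error: %s" % data["error"])
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % data.get("token_type"))
    # RFC 6749 lets the server omit 'scope' only when it equals the request,
    # so a missing field means the requested scope was granted in full.
    granted = set(data.get("scope", requested_scope).split())
    missing = set(requested_scope.split()) - granted
    if missing:
        raise ValueError("requested scope not granted: " + " ".join(sorted(missing)))
    expires_in = data.get("expires_in")
    return {
        "access_token": data["access_token"],
        "scope": granted,
        # None when the server gave no lifetime; callers then cannot pre-empt expiry.
        "expires_at": now + float(expires_in) if expires_in is not None else None,
    }


def bearer_header(token_info: dict) -> dict:
    """Header for the protected endpoint (barn-unlock in the table)."""
    return {"Authorization": "Bearer " + token_info["access_token"]}


def needs_refresh(token_info: dict, now: float, skew: float = 30.0) -> bool:
    """Treat the token as unusable 'skew' seconds before the server does,
    so a request in flight does not land on an expired token."""
    if token_info["expires_at"] is None:
        return False
    return now + skew >= token_info["expires_at"]


if __name__ == "__main__":
    print(build_client_credentials_request())
    # Constructed sample response; a real one comes from the token endpoint.
    sample = '{"access_token":"CONSTRUCTED_TOKEN","token_type":"Bearer","expires_in":3600,"scope":"barn-unlock"}'
    info = parse_token_response(sample, SCOPE, time.time())
    print(bearer_header(info), needs_refresh(info, time.time()))
```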
Grant Type :: Implicit Flow:
The implicit flow is a browser-only flow. It is less secure than the Code flow since it does not authenticate the client, but it is still a useful flow in web applications that need access tokens and cannot make use of a backend. The defining characteristic of the implicit grant is that tokens (ID tokens or access tokens) are returned directly from the /authorize endpoint instead of the /token endpoint. The following example shows how to automate this in Worksoft SaaS.
Solution:
# | Command | Target | Value |
---|---|---|---|
Steps 1 thru 8 are used to open symfonycasts and authenticate yourself | |||
1 | open | http://coop.apps.symfonycasts.com/ | |
2 | waitForVisible | link=Login | |
3 | click | link=Login | |
4 | waitForVisible | css=body > div.container | |
5 | type | id=form-email | tripodtestmail@yopmail.com |
6 | type | id=form-password | ************* |
7 | click | css=button.btn.btn-primary | |
8 | waitForVisible | link=The Coop's API | |
Commands 9 thru 18 are a block of commands used to set the grant type and provide the required inputs | |||
9 | wsBlockOpen | ||
Set the authentication type to oauth or oauth 2.0 for services that require oauth authentication | |||
10 | wsAuthenticationType | oauth | |
Set the grant type to 04 for the Implicit Grant Type | |||
11 | setGrantTypeForOAuth | 04 | |
Set the client credentials: client id and client secret. These details are provided by the authorization server when you register your application | |||
12 | setClientIdForOAuth | TripodOAuthTest | |
13 | setClientSecretForOAuth | ***************************** | |
Set the Authorization endpoint URL that will provide the access token to call the endpoint URL under test | |||
14 | setAuthorizationURLForOAuth | http://coop.apps.symfonycasts.com/authorize | |
Give the scope(s) to which the client application will have access. Multiple scopes can be provided by separating them with a space | |||
15 | setScopeForOAuth | barn-unlock | |
16 | setAuthorizeLocatorForOAuth | link=Yes, I Authorize This Request | |
Set how the client credentials are sent to the token endpoint URL. Two options are supported: a Basic authentication header, or as part of the body. | |||
The valid value is Basic. The default is to send them as part of the body | |||
17 | setClientAuthenticationForOAuth | Basic | |
Set the redirect URL to which the client application is redirected after the authorization endpoint URL succeeds | |||
18 | setRedirectURLForOAuth | https://www.amazon.com | |
Set the http method for the endpoint URL under test | |||
19 | wsSetRequestMethod | POST | |
Set the endpoint URL | |||
20 | wsSetRequestURL | http://coop.apps.symfonycasts.com/api/3515/barn-unlock | url |
21 | wsExecuteRequest | ${url} | response |
22 | wsBlockEnd |
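The defining difference of the implicit grant, the token coming back from /authorize rather than /token, shows up in where the response lands: in the URL fragment (after `#`) of the redirect, which the browser never sends to the redirect server and which only script on that page can read. The added Python example below (not Worksoft SaaS code and not from the original page) builds the `response_type=token` authorization URL with the table's client id, scope and redirect URL, then validates a constructed redirect the way a client-side app should before using the token: state is checked, error responses are rejected, the token type must be bearer, and a token that arrived in the query string instead of the fragment is refused because it would have been sent to the server and could end up in logs or the Referer header. Function names are my own.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values copied from the example table above.
AUTHORIZE_URL = "http://coop.apps.symfonycasts.com/authorize"
CLIENT_ID = "TripodOAuthTest"
REDIRECT_URI = "https://www.amazon.com"
SCOPE = "barn-unlock"


def new_state() -> str:
    """Per-request value kept in browser storage and checked on the redirect."""
    return secrets.token_urlsafe(32)


def build_implicit_authorize_url(state: str) -> str:
    """response_type=token asks the authorization endpoint for the access
    token itself; there is no code and no later call to /token."""
    params = {
        "response_type": "token",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_fragment_response(redirect_url: str, expected_state: str) -> dict:
    """Extract and validate the token delivered in the redirect fragment."""
    parts = urlsplit(redirect_url)
    if "access_token" in parse_qs(parts.query):
        # A token in the query string reaches the redirect server, its logs
        # and any Referer header; a conforming server puts it in the fragment.
        raise ValueError("access_token delivered in the query string")
    params = {k: v[0] for k, v in parse_qs(parts.fragment).items()}
    if "error" in params:
        raise RuntimeError("authorization failed: " + params["error"])
    if not secrets.compare_digest(params.get("state", ""), expected_state):
        raise ValueError("state mismatch: response does not belong to this request")
    if params.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % params.get("token_type"))
    if "access_token" not in params:
        raise ValueError("fragment carries no access_token")
    return {
        "access_token": params["access_token"],
        "expires_in": int(params.get("expires_in", "0")),
        "scope": params.get("scope", SCOPE),
    }


if __name__ == "__main__":
    state = new_state()
    print(build_implicit_authorize_url(state))
    # Constructed redirect, as the browser would receive it after consent.
    redirect = (REDIRECT_URI + "/#access_token=CONSTRUCTED_TOKEN&token_type=Bearer"
                "&expires_in=3600&scope=barn-unlock&state=" + state)
    print(parse_fragment_response(redirect, state))
```

Because nothing in this exchange authenticates the client, the `setClientSecretForOAuth` value in the table plays no part in the implicit request itself; the protection the flow does have is the registered redirect URL and the `state` check above, which is why the code flow with PKCE is preferred for new browser-based clients.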