How to do a OAuth 2.0 authentication in JMeter?

Husain Khambaty picture Husain Khambaty · Jan 24, 2017 · Viewed 21.2k times · Source

I'm trying to Functional test a few APIs that need to be authenticated (OAuth 2.0) and simulate this in JMeter.

I'm trying to authenticate the OAuth service for Azure cloud. Has anyone out there been able to successfully create JMeter HTTP requests to authenticate against OAuth 2.0?

Answer

Dmitri T picture Dmitri T · Jan 24, 2017

Basically you need to add HTTP Header Manager to send Authorization header with the value of Bearer ${ACCESS_TOKEN} in order to make authenticated OAuth API calls.

Access token can be obtained in 2 major ways:

  1. Get it somehow (ask for it, capture it using sniffer tool and application which you need to simulate, etc), but be aware that OAuth access tokens have limited life span (1 hour by default, this applies to point 2 as well)
  2. Implement OAuth2 flow in your test, i.e. :

    • Authenticate (providing Client ID and Tenant ID)
    • Authorise (using Client ID and the code from the previous step)
    • Get Access token (providing Authorization code from previous step, code from first step, and Client ID

In regards to implementing option 2 - it will require 3 separate JMeter samplers (or alternatively you can get the access token programmatically via JSR223 Sampler)

References: