Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication using request for API testing #259

Open
astarovojtov opened this issue Nov 16, 2020 · 3 comments
Open

Authentication using request for API testing #259

astarovojtov opened this issue Nov 16, 2020 · 3 comments
Labels
question Further information is requested

Comments

@astarovojtov
Copy link

Hello

Are there any similar to sapcloud-form tools to authenticate for api testing?
As far as I see request is firing in NodeJS environment resulting in redirects to login page i.e. there is an html login page in response.body. I'm pretty sure that request is sent after authentication in browser is complete so I guess I have to authenticate to send requests from Node also?

Sorry if this is a dumb question. But I couldn't find any info on how to make it work with request/superagent. And my only guess is to grab a cookie from browser and use it for every request from Node afterwards.
@maximnaidenov
Copy link
Contributor

Hi,
currently we support only basic auth for the REST API that you call. You can have a look at our doc: https://github.com/SAP/ui5-uiveri5/blob/master/docs/usage/api.md, there is also a sample in https://github.com/SAP/ui5-uiveri5/tree/master/sample/apiTesting. But this setup requires that you specially configure basic auth in your API endpoint and this is not very convenient I agree.
We planned to implement an OAuth2.0 client auth flow (machine-to-machine) where you provide a client Id and client API key and they are used to establish a session and get token to call the API. But due to lack of interest so far, we have not done it. Additionally, this will require a configuration in the AS of such client key and this is non-trivial operation.

We have also considered "token-stealing" approach you describe and IMHO it will work fine. But the problem is that the token is stored in unique way for every platform/application - it could be global variable, some closure variable, local storage, even a cookie.
So we can't implement a universal way to steal it and send it to the backend where to use it when sending the REST calls.

But of course, if you are willing to implement something and contribute it back, I will be glad to support you with uiveri5-specific details.

@astarovojtov
Copy link
Author

@maximnaidenov Thanks for quick response. I bet using browser.executeAsyncRequest with JS fetch is the easiest approach in my situation. If I find somtheing better I'll keep you posted

@maximnaidenov
Copy link
Contributor

yes, this will be the way to get it down to nodejs side. But IMHO the tricky part is getting the token out of the app. You can play directly in the console and once you know where to take it, just inject the code with executeAsync().

@tsaleksandrova tsaleksandrova added the question Further information is requested label Dec 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@maximnaidenov @astarovojtov @tsaleksandrova