JMeter Authentication Token

In a system that uses an auth token, the user supplies a username and password the first time, and the server returns an access token in the header field ‘x-auth-token’. For further sessions this token is exchanged, not the username/password. The token has an expiration condition, after which we have to regenerate it. Let’s check the case below.

Condition –

  • At the start of the tests, generate the token
  • Use the token in the API for, let’s say, 10 users
  • If the following conditions are met, regenerate the token:
      • The token has been used 100 times
      • The token timeout period, which is 10 minutes, is reached

If we create 10 threads for the API tests and pass the token to these 10 threads, the first condition is reached once 100 requests have been made, so we have to regenerate the token mid-test and use the new one.

Is this achievable in JMeter? Let’s find the solutions.

Solution 1

  1. When generating the token, use the __time() function to store the token generation time in a JMeter variable, like ${__time(,tokenGenerationTime)}
  2. Depending on the design of the test, use the __counter() function, the Counter test element, or a predefined JMeter variable that holds the current iteration of the Loop Controller, While Controller or Thread Group to find out how many times the token was used
  3. Use an If Controller with the __jexl3() function to compare:
    • the current time with the last token generation time
    • the current counter value with 50
      ${__jexl3((${__time(,)} - ${tokenGenerationTime}) > 600000 || ${counter} > 50,)}
  4. If the time delta is >= 10 minutes and/or the counter is > 50, call the regenerate token action.

Solution 2

We can use a ‘Regular Expression Extractor’ to capture dynamic data returned for a request and then send it with subsequent requests using a ‘BeanShell PreProcessor’. This approach makes it very simple to test APIs in which we need to get an authentication token from the server and then pass it on all other requests.

1. Set the ‘Regular Expression Extractor’.

  a) Reference Name: Name of the variable in which the extracted text will be stored. In our example, it is ‘BEARER’.
  b) Regular Expression: The pattern against which the extracted text will be matched. In the example: {"access_token":"(.+?)" because I wanted to extract everything after the {"access_token":" string until the next " (inverted comma).
  c) Template: Grouping of strings within ( ) brackets. $1$ means 1st group, $2$ means 2nd group.
  d) Match Number: Tells which match should be picked. 0 is used for random.

2. Add ‘BeanShell PreProcessor’.

We need to add a BeanShell PreProcessor under the “Dashboard” request. Add the code below in the script section:

The script mentioned in this step passes the BEARER value in the Authorization header for the “Dashboard” request.
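
One way to write such a script, as an added example that is not the original post's code: a JSR223 PreProcessor in Groovy that refuses to send an unset token, replaces the header instead of appending it, and keeps the use count that the If Controller in Solution 1 reads from ${counter}. The "Bearer " prefix and the helper variable lastBearer are assumptions; BEARER and counter are the names used above.

```groovy
// Added example for a JSR223 PreProcessor (Groovy) under the "Dashboard" request.
// Not the original post's script. BEARER and counter are the names used in the
// post; lastBearer and the "Bearer " prefix are assumptions made for this sketch.
import org.apache.jmeter.protocol.http.control.Header
import org.apache.jmeter.protocol.http.control.HeaderManager

String token = vars.get('BEARER')

// If the token request or the extractor failed, BEARER may be unset or empty.
// Do not send a request carrying a literal "null" or blank credential.
if (token == null || token.trim().isEmpty()) {
    log.error('BEARER is not set; the token request or the extractor failed')
    return
}

// Count uses of the current token in ${counter}; start again from zero
// whenever the login step has stored a different token.
int uses = 0
if (token == vars.get('lastBearer')) {
    uses = (vars.get('counter') ?: '0').toInteger()
}
vars.put('lastBearer', token)
vars.put('counter', String.valueOf(uses + 1))

// Replace rather than append, so the request never carries a stale or
// duplicate Authorization header left over from an earlier iteration.
HeaderManager headers = sampler.getHeaderManager()
if (headers == null) {
    headers = new HeaderManager()
    sampler.setHeaderManager(headers)
}
headers.removeHeaderNamed('Authorization')
headers.add(new Header('Authorization', 'Bearer ' + token))

// Log the use count only, never the token value itself.
log.debug("Authorization header set, use #${uses + 1} of the current token")
```

The vars object is per thread, so each thread counts its own uses of the token it extracted.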

We can use the above 2 methods to capture dynamic data returned for a request and then send it with subsequent requests. This makes it very simple to test APIs in which we need to get an authentication token from the server and then pass it on all other requests.