Automated testing for APIs secured with Authorization Code Grant type OAuth


Hi All,

I am sure that most of the APIs use the 3-legged OAuth flow for securing APIs. Now my question is: how do you do automated testing of the different flows involved in an API call secured with the 3-legged OAuth flow, as it involves user consent in the flow?

For APIs secured with client credentials or password grant it is quite easy to automate with any testing tool/framework like Postman/Mocha.

Do you have any suggestions for a framework that can help in automated testing of such APIs?

Thanks in Advance!!


Hi,

I would like to see other discussion on this topic, but... my view is that the testing of the APIs ought to be separate from the testing of the token dispensary.

The only time there is a 3-legged flow involving User Authentication and consent is when the token is issued. The APIs themselves can be tested with any token.

OK, having said that...

I have used Selenium with good results when testing browser-based apps. In case you are not aware, Selenium is a framework for programmatically automating browsers. You can use it to perform "synthetic" login and consent actions via a UI, and to check the resulting Web UI response. Your Selenium tests might load in a username / password combination from a configuration file, and automatically open a browser and submit the appropriate form when necessary in the 3-legged flow. The test would then obtain a code, and you could then automate the exchange of the code for a token.

Have you looked into Selenium?
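
The flow described in the reply above, as an added example (not code from either poster): a test helper that drives login and consent through a Selenium WebDriver, checks the `state` value on the redirect, and returns the authorization code ready for the token exchange. The endpoints, client id, redirect URI and form element ids are assumptions; the driver is passed in, so the helper can also be exercised against a stub.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed endpoints and client registration, for illustration only.
AUTHORIZE_URL = "https://idp.example.test/oauth/authorize"
REDIRECT_URI = "https://client.example.test/callback"
CLIENT_ID = "test-client"

def build_authorize_url(state):
    """Authorization request that starts the 3-legged flow."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTHORIZE_URL}?{query}"

def extract_code(redirect_url, expected_state):
    """Return the authorization code from the redirect, checking state."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:  # e.g. the test user denied consent
        raise RuntimeError(f"authorization failed: {params['error'][0]}")
    if params.get("state", [""])[0] != expected_state:
        raise ValueError("state in redirect does not match the request")
    if "code" not in params:
        raise ValueError("redirect carries no authorization code")
    return params["code"][0]

def obtain_code(driver, username, password, timeout=10.0):
    """Drive login and consent with a Selenium WebDriver, return the code.

    Element ids ("username", "password", "login", "allow") are hypothetical;
    set driver.implicitly_wait() so lookups wait for each page to load.
    """
    state = secrets.token_urlsafe(16)
    driver.get(build_authorize_url(state))
    driver.find_element("id", "username").send_keys(username)
    driver.find_element("id", "password").send_keys(password)
    driver.find_element("id", "login").click()
    driver.find_element("id", "allow").click()
    deadline = time.monotonic() + timeout
    while not driver.current_url.startswith(REDIRECT_URI):
        if time.monotonic() > deadline:
            raise TimeoutError("browser was not redirected to the client")
        time.sleep(0.2)
    return extract_code(driver.current_url, state)

def token_request_body(code):
    """Form fields to POST to the token endpoint (client auth not shown)."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI}
```

Load the test user's credentials from configuration or the environment rather than hard-coding them, and use an account that exists only in the test tenant.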