OAuth2 in Tsung

[janekolszak]

Hi!

1. Is it possible to use Tsung with OAuth2?
2. If not - are there any plans to implement this awesome feature? :)

Thanks,
Jan

[tisba]

Hey @janekolszak!

I'm not terribly familiar with OAuth2 and all the different flows/grant types. But AFAIK as I remember, there is no need to do something special (like calculating hashes or cryptographic signatures).

The complexity arises from the steps a user is requested to do, e.g. for the "Authorization Code" grant: You have to follow redirects, parse HTML, log into applications, … – basically simulate the user interaction part. If your OAuth2 server does not require to run JavaScript, I don't see a reason, why you cannot build a test case with "plain" tsung (you can look for Location headers to follow redirects, you can extract tokens from JSON and XML responses easily).

What kind of grants are you interested in?

[janekolszak]

Thanks @tisba!
I'm using the Implicit Grant for my web app (https://github.com/andreassolberg/jso)

1. So you say it's possible to "simulate" user's actions, obtain the oauth2 token and then use it with the service's restful API?
2. Do you know of any examples I could use?

[tisba]

Urgs, I somehow totally missed your reply.

I don't have any examples. Most tests I do, do not test the authentication service. So we usually generate tokens (or obtain them otherwise) and use them to authenticate to the service that is actually under test.