Question

Could anyone please help to test the login / authentication with the following scenario?

A user accesses the "siteA.com" home page. On that page, there is a "login with oauth" button.

Upon clicking the "login with oauth" button, "siteA.com" redirects to "siteB.com", where the user is able to key in a username and password and sign in. It authenticates (OAuth) the user and returns to "siteA.com".

siteA.com sends the client ID and callback URL when it redirects to siteB.com.

How can I achieve this using JMeter?

Thanks in advance

Solution

OAuth is basically a way of getting a token. If you're load-testing an OAuth-enabled application, you need to do the following:

  • Request a temporary access token
  • Authorize the access token
  • Change the temporary access token to something permanent

You can do the steps above manually, capture the permanent access token via a sniffer and add it to your requests as a separate HTTP Request parameter. If you have a limited number of user logins to reuse in the test, it may do the trick for you.

However, if you need to test the end-to-end flow, which assumes the token-obtaining process runs via JMeter, you need to consider the OAuth Sampler Plugin.

So basically you need to do one of the following:

  1. Manual 3-step OAuth login and token capture, followed by adding the token as a parameter of HTTP Requests for each virtual user
  2. Automated OAuth login process by means of the JMeter OAuth sampler

If you have a limited number of logins/users, option 1 may be better.

P.S. There is also an option for advanced JMeter users and/or Java developers to add OAuth Java client libraries to the JMeter lib/ext folder and use Beanshell Samplers to authenticate with OAuth. It's also likely that you'll have to use Selenium with JMeter to navigate to the OAuth callback page and confirm the authorized login from there.
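
The correlation step between the siteB.com login and the return to siteA.com, as an added example that is not part of the original answer or of the OAuth Sampler plugin: a JSR223 PostProcessor script that checks the redirect before passing the returned value to the next request. It assumes the OAuth 2.0 authorization-code parameter names `code`, `state` and `error` (the page does not state the OAuth version) and the hypothetical JMeter variables `callback_url`, `oauth_state` and `oauth_code`.

```groovy
// JSR223 PostProcessor (Groovy) on the HTTP Request that submits the siteB.com
// login form. Untick "Follow Redirects" and "Redirect Automatically" on that
// sampler, otherwise the 302 back to siteA.com is consumed before this runs.
// Assumed variables set earlier in the thread: callback_url, oauth_state.

// Return the value of the Location header from a raw header block, or null.
String locationOf(String rawHeaders) {
    String line = rawHeaders.readLines().find { it.toLowerCase().startsWith('location:') }
    return line ? line.substring('location:'.length()).trim() : null
}

// Decode a URL's query string into a name -> value map.
Map<String, String> queryOf(String url) {
    String query = new URI(url).rawQuery ?: ''
    return query.split('&').findAll { it }.collectEntries { String pair ->
        String[] parts = pair.split('=', 2)
        String value = parts.length > 1 ? URLDecoder.decode(parts[1], 'UTF-8') : ''
        return [(URLDecoder.decode(parts[0], 'UTF-8')): value]
    }
}

// Mark the sample failed so a broken login shows up in the test report.
def fail = { String why ->
    prev.setSuccessful(false)
    prev.setResponseMessage('OAuth callback check failed: ' + why)
}

String callback = vars.get('callback_url')
String location = locationOf(prev.getResponseHeaders())
if (!location) { fail('no redirect from siteB.com'); return }
// Compare the whole target (minus query), not a prefix, against the callback.
if (location.split('\\?', 2)[0] != callback) { fail('redirect is not to the callback URL'); return }

Map<String, String> params = queryOf(location)
if (params.error) { fail('provider returned error=' + params.error); return }
if (params.state != vars.get('oauth_state')) { fail('state differs from the value sent'); return }
if (!params.code) { fail('no authorization code in callback'); return }

// Hand the code to the next sampler (the token exchange) without logging it.
vars.put('oauth_code', params.code)
log.info('OAuth callback verified')
```

The following sampler can then reference `${oauth_code}` in its request parameters.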

Licensed under: CC-BY-SA with attribution