Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0

I want to use the Bearer Token in authorization which is generated by entering the Username and password in payload for post request. #129

Closed nayanmathur25 closed 2 months ago

nayanmathur25 commented 3 months ago

Scenario 1: I have an application in which the user has to provide the username and password in the payload and in response it will generate the Bearer Token. I want to use the Bearer token in the Authorization header to get the proper response from the server instead of 401 Unauthorized.

Scenario 2: I have an application in which the user has to provide the username and password in the payload and in response it will generate the Bearer Token with a refresh interval. Once the time limit is over the tool should auto-generate the Bearer token and use it for other requests.

You can use this video as a reference : https://www.youtube.com/watch?v=8wxprVcHB5w

NOTE: I'm not using the HappyPath Fuzzer. Less information is available for --authRefreshScript="./get_token.sh"

en-milie commented 3 months ago

Hi @nayanmathur25. Answers below:

  1. You can use the --authRefreshScript argument. You need to create a script that does a curl with the username and password, parse the result and get the token and echo it. Something like (name it ./refresh.sh):

#!/bin/bash
# Exchange the username/password for a token and print the value cats should
# send in the Authorization header (whatever this script writes to stdout).
curl -s --location --request POST 'https://api.server/token' \
  --header 'Authorization: Basic XXX' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode 'username=user' \
  --data-urlencode 'password=pwd' | jq -r '"Bearer "+.access_token'

And then: cats -s SERVER -c CONTRACT --authRefreshScript="./refresh.sh"

  2. Exactly the same as above, but you add a new argument to refresh the token periodically:

cats -s SERVER -c CONTRACT --authRefreshScript="./refresh.sh" --authRefreshInterval=500

This will call the ./refresh.sh script every 5 minutes to get a refresh token.
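A hardened alternative to the refresh script above, added here as an example and not code from the thread or the cats project: it keeps the credentials out of the file, validates the token response, and on any failure prints nothing and exits non-zero, so a broken response never ends up as the Authorization header and produces a wall of 401s that looks like a fuzzer finding. It assumes cats will execute any executable path given to --authRefreshScript (otherwise wrap it as `python3 refresh.py` in a one-line ./refresh.sh) and that TOKEN_URL, CLIENT_AUTH, API_USER and API_PASS are set in the environment; all four names are assumptions, not project settings.

```python
#!/usr/bin/env python3
"""Fail-closed refresh script for cats --authRefreshScript (added example, not project code).
Contract from the thread: stdout becomes the Authorization header value, so print exactly
"Bearer <token>" or nothing. Assumed, not from the page: endpoint and credentials come from
the environment variables TOKEN_URL, CLIENT_AUTH (base64 client id:secret), API_USER, API_PASS."""
import json
import os
import sys
import urllib.parse
import urllib.request


def parse_token_response(body: str) -> str:
    """Turn an OAuth2 password-grant response into "Bearer <token>", raising ValueError for
    non-JSON bodies, error objects, a missing/empty access_token or a non-bearer token_type
    so the script exits non-zero instead of handing cats "Bearer null" and endless 401s."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"non-JSON token response: {body[:80]!r}") from exc
    if not isinstance(data, dict):
        raise ValueError("token response is not a JSON object")
    if "error" in data:
        raise ValueError(f"token endpoint error: {data.get('error_description', data['error'])}")
    token = data.get("access_token")
    if not isinstance(token, str) or not token.strip():
        raise ValueError("token response has no usable access_token")
    if str(data.get("token_type", "Bearer")).lower() != "bearer":
        raise ValueError(f"unexpected token_type {data['token_type']!r}")
    return f"Bearer {token.strip()}"


def fetch_token(url: str, client_auth: str, user: str, password: str, timeout: float = 10) -> str:
    """POST the password grant (the same exchange as the curl above) and return the header."""
    form = urllib.parse.urlencode({"grant_type": "password", "username": user, "password": password})
    req = urllib.request.Request(url, data=form.encode(), method="POST")
    req.add_header("Authorization", f"Basic {client_auth}")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=timeout) as resp:  # raises HTTPError on 4xx/5xx
        return parse_token_response(resp.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    try:
        cfg = [os.environ[k] for k in ("TOKEN_URL", "CLIENT_AUTH", "API_USER", "API_PASS")]
        print(fetch_token(*cfg))
    except Exception as exc:  # any failure: nothing on stdout, non-zero exit for cats to notice
        print(f"refresh.py: {exc}", file=sys.stderr)
        sys.exit(1)
```

Used with --authRefreshInterval the same way as ./refresh.sh, a non-zero exit shows up in the cats output instead of silently sending an empty header.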