Closed nayanmathur25 closed 2 months ago
Hi @nayanmathur25. Answers below:
--authRefreshScript
argument. You need to create a script that does a curl
with the username and password, parse the result and get the token and echo it. Something like (name it ./refresh.sh
):
#!/bin/bash
curl -s --location --request POST 'https://api.server/token' \
--header 'Authorization: Basic XXX' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=user' \
--data-urlencode 'password=pwd' | jq -r '"Bearer "+.access_token'
And then: cats -s SERVER -c CONTRACT --authRefreshScript="./refresh.sh"
cats -s SERVER -c CONTRACT --authRefreshScript="./refresh.sh" --authRefreshInterval=500
This will cal the ./refresh.sh
script every 5 minutes to get a refresh token.
Scenario 1: I have a application in which user has to provide the username and password in payload and in response it will generate the Bearer Token. I want to use the Bearer token in Authorization header to get the proper response from server instead of 401 unauthorized .
Scenario 2: I have a application in which user has to provide the username and password in payload and in response it will generate the Bearer Token with refresh interval . Once the time limit is over the tool should auto generate the Bearer token and use it for other requests.
You can use this video as a reference : https://www.youtube.com/watch?v=8wxprVcHB5w
NOTE: I m not using HappyPath Fuzzer. Less information is available for --authRefreshScript="./get_token.sh"