search

Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0
1.14k stars 73 forks source link

how can i use oauth 2.0 for any application #134

Open nayanmathur25 opened 1 month ago

nayanmathur25 commented 1 month ago

I would like to know how can i use oauth 2.0 for my application . I have the necessary details like client_id and password and url. It will be really useful if you can answer what all details i have to mentioned in --headers file and the format.

en-milie commented 1 month ago

You can use the --authRefreshScript argument. You need to create a script that does a curl with the username and password, client_id, etc., parse the result and get the token and echo it. Something like (name it ./refresh.sh):

#!/bin/bash

curl -s --location --request POST 'https://api.server/token' \
--header 'Authorization: Basic XXX' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=user' \
--data-urlencode 'password=pwd' | jq -r '"Bearer "+.access_token'

And then: 

cats -s SERVER -c CONTRACT -H "Authorization-Header-Name=auth_script" --authRefreshScript="./refresh.sh"

Exactly the same as above, but you add a new argument to refresh the token periodically:

cats -s SERVER -c CONTRACT -H "Authorization-Header-Name=auth_script" --authRefreshScript="./refresh.sh" --authRefreshInterval=500

This will cal the ./refresh.sh script every 5 minutes to get a refresh token.

Please make sure you replace the Authorization-Header-Name with the exact name expected by the service.

Does this help?

en-milie commented 2 weeks ago

@nayanmathur25 Does it work with the suggested approach?