SAP / ui5-uiveri5

End-to-end testing framework for SAPUI5
Apache License 2.0

Authentication using request for API testing #259

Open astarovojtov opened 4 years ago

astarovojtov commented 4 years ago

Hello

Are there any tools similar to sapcloud-form to authenticate for API testing? As far as I can see, the request is fired in the NodeJS environment, resulting in redirects to the login page, i.e. there is an HTML login page in response.body. I'm pretty sure that the request is sent after authentication in the browser is complete, so I guess I have to authenticate to send requests from Node also?

Sorry if this is a dumb question. But I couldn't find any info on how to make it work with request/superagent. And my only guess is to grab a cookie from the browser and use it for every request from Node afterwards.

maximnaidenov commented 4 years ago

Hi, currently we support only basic auth for the REST API that you call. You can have a look at our doc: https://github.com/SAP/ui5-uiveri5/blob/master/docs/usage/api.md, there is also a sample in https://github.com/SAP/ui5-uiveri5/tree/master/sample/apiTesting. But this setup requires that you specially configure basic auth in your API endpoint, and this is not very convenient, I agree. We planned to implement an OAuth2.0 client auth flow (machine-to-machine) where you provide a client ID and client API key and they are used to establish a session and get a token to call the API. But due to lack of interest so far, we have not done it. Additionally, this will require configuring such a client key in the AS, and this is a non-trivial operation.

We have also considered the "token-stealing" approach you describe and IMHO it will work fine. But the problem is that the token is stored in a unique way for every platform/application - it could be a global variable, some closure variable, local storage, even a cookie. So we can't implement a universal way to steal it and send it to the backend, where it would be used when sending the REST calls.

But of course, if you are willing to implement something and contribute it back, I will be glad to support you with uiveri5-specific details.

astarovojtov commented 4 years ago

@maximnaidenov Thanks for the quick response. I bet using browser.executeAsyncRequest with JS fetch is the easiest approach in my situation. If I find something better I'll keep you posted.

maximnaidenov commented 4 years ago

Yes, this will be the way to get it down to the nodejs side. But IMHO the tricky part is getting the token out of the app. You can play directly in the console and once you know where to take it, just inject the code with executeAsync().
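
The cookie-reuse idea discussed in this thread, as an added example that is not part of the original discussion and not uiveri5 code: when session cookies read from the test browser are replayed from Node, the Cookie header should be scoped by domain, path, Secure flag and expiry so the session is never sent to another host or over plain HTTP. It assumes cookie objects in the WebDriver shape (for example from `browser.manage().getCookies()` in a Protractor-style runner) and treats a domain without a leading dot as host-only; the function names and sample values are constructed.

```javascript
// Added example. Cookie shape (WebDriver): { name, value, domain, path, secure, httpOnly, expiry }

// Domain check: a leading dot marks a domain cookie (subdomains allowed);
// anything else is treated as host-only (conservative assumption).
function domainMatches(host, cookieDomain) {
  const d = String(cookieDomain || '').toLowerCase();
  if (!d) return false;
  if (!d.startsWith('.')) return host === d;
  return host === d.slice(1) || host.endsWith(d);
}

// RFC 6265 path-match: '/admin' covers '/admin' and '/admin/x', not '/administrator'.
function pathMatches(requestPath, cookiePath) {
  const p = cookiePath || '/';
  if (requestPath === p) return true;
  if (!requestPath.startsWith(p)) return false;
  return p.endsWith('/') || requestPath.charAt(p.length) === '/';
}

// Build the Cookie header value for one target URL from the browser's cookie jar.
// Returns '' when no cookie may be sent to that URL.
function cookieHeaderFor(cookies, targetUrl, nowSeconds = Math.floor(Date.now() / 1000)) {
  const url = new URL(targetUrl);
  return cookies
    .filter((c) => domainMatches(url.hostname, c.domain))
    .filter((c) => pathMatches(url.pathname || '/', c.path))
    .filter((c) => !c.secure || url.protocol === 'https:') // never downgrade Secure cookies
    .filter((c) => c.expiry == null || c.expiry > nowSeconds) // expiry is seconds since epoch
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Constructed sample jar (not real session data).
const sampleCookies = [
  { name: 'JSESSIONID', value: 'abc123', domain: 'app.example.test', path: '/', secure: true, httpOnly: true },
  { name: 'locale', value: 'en', domain: '.example.test', path: '/', secure: false },
  { name: 'idp_session', value: 'zzz', domain: 'login.example.test', path: '/', secure: true },
  { name: 'old', value: '1', domain: 'app.example.test', path: '/', secure: true, expiry: 1000 },
  { name: 'admin', value: 'x', domain: 'app.example.test', path: '/admin', secure: true },
];

console.log(cookieHeaderFor(sampleCookies, 'https://app.example.test/api/orders', 2000));
```

The returned string can be set as the `Cookie` header of a request or superagent call to the same backend; an empty result for the API URL means the session lives somewhere other than cookies for that host.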