search

SeUniVr / RestTestGen

A framework for automated black-box testing of RESTful APIs.
Apache License 2.0
36 stars 9 forks source link

Is there any way to add multiple Auth headers? #16

Open F01ivor4 opened 1 year ago

F01ivor4 commented 1 year ago

I want to add multiple Auth headers when I test a application, but I don't know what to do.

davidecorradini commented 1 year ago

Hello, at the moment we do not have a way to add multiple authentication headers using the authentication script. However you could circumvent this limitation by changing the OpenAPI specification of the service adding a header enum parameter with the preferred value. This is not the optimal solution because RestTestGen might fuzz the header parameter in some requests, but this is the only way to support multiple headers so far.

We will definitely work on the support of multiple headers for authentication, and, if possible, it would be great to know which API requires it so we can use it as a case study.

Best, Davide

F01ivor4 commented 1 year ago

Thanks! I think https://appwrite.io/docs is a great example. We need both X-Appwrite-Project and X-Fallback-Cookies for auth headers. However, it can also use a single jwt, so multiple headers are not necessary.

davidecorradini commented 1 year ago

Thanks, I will check it out!