Open Thunderforge opened 1 year ago
Great! thank you for asking for this! :)
Since this is not something the JMeter Auth Manager already supports (I guess due to httpClient
library api limitations), which got my attention the first time I tried this, we would need to implement some custom solution if we want to simplify this over what JMeter already provides.
The usual way to solve this in JMeter is adding http headers manually, which you can do with DSL with httpHeaders
element or header
method in httSampler
.
I will open for discussion how can we further simplify this, so anyone can take part of the decision.
I think bearer token, taking into consideration already supported basic auth, could be expressed with something like this:
httpAuth()
.bearerAuth("https://myservice.com", "myToken")
DSL adds a HTTP header manager setting the token
httpHeaders
and some are set with httpAuth
.Authorization
) and Token
prefix in value.DSL adds JSR223 pre processor which checks sampler URL and adds header manager (or modifies existing one) to sampler on the fly.
Just add an auxiliary method to existing httpHeaders & sampler which allows to easily set auth token. Eg:
httpHeaders()
.bearerAuth("myToken")
Just keep with existing JMeter option of using httpHeaders.header("Authorization", "Bearer TOKEN")
Anyone has any thoughts? Any other ideas? Comments? Pros & Cons?
My personal preferred solution would be some sort of .bearerAuth()
method that works like the existing basicAuth()
method. I'm not understanding the distinction between:
httpAuth()
.bearerAuth("https://myservice.com", "myToken")
and
httpHeaders()
.bearerAuth("myToken")
Is it just a matter of scope limitation where in the former the token is limited to https://myservice.com
? If so, that looks like enhanced functionality beyond what basicAuth()
currently does.
Hello, thank you for taking the time to review the ideas and give some feedback.
Yes, the difference between the first one and the second one, is that the first one should apply only to urls that start with given URL. Why do you say it looks like enhanced functionality beyond what basicAuth()
currently does? basicAuth()
requires you too to set a URL which in fact is used to control when should it add the basic header (according to request URL), and when it shouldn't.
If we think the first one should be preferred, so far I think the best approach, considering pros/cons is adding jsr223Pre & post processors with a note on the DSL method stating that downloadEmbeddedResources()
should be avoided when using httpAuth().bearerAuth()
.
Any thoughts @kirillyu , @andy-tarr , or anyone else?
I tend to agree with you on this.
Why do you say it looks like enhanced functionality beyond what
basicAuth()
currently does?
I think that I was mixing basicAuth()
up with httpHeaders()
(the way I have been doing it bearer tokens), which does not require a URL. Consistency with the other authentication methods is fine with me.
Per the user guide:
The scenario I need is Bearer Token, so I'm posting an issue in the repository to let you know I need it 😀