apache / jmeter

Apache JMeter open-source load testing tool for analyzing and measuring the performance of a variety of services
https://jmeter.apache.org/
Apache License 2.0

Can't access Token with OpenID Connect authorization code flow #6227

Open EmCode1 opened 4 months ago

EmCode1 commented 4 months ago

Hello. I'm attempting to access the Token endpoint, following the required steps, corresponding to the OIDC Authorization code flow:

  1. GET request to the desired page

  2. GET request to the /auth/realms/____/protocol/openid-connect/auth endpoint. And from the response body I extract session_code, execution and tab_id.

  3. A second GET request to the /auth/realms/____/protocol/openid-connect/auth endpoint. As parameters I provide the values for response_type, client_id and code_challenge_method, and from the generated URL I extract the values for state, code_challenge and nonce.

  4. POST request to the authentication endpoint, using the generated variables: /auth/realms/____ /login-actions/authenticate?session_code=${session_code}&execution=${execution}&client_id=__&tab_id=${tabid} and in body data I provide the required username and password.

  5. I extract the code from the Response headers of the previous request

  6. Send a POST request to the Token endpoint, using the code + a code verifier, generated using the code challenge + the hash method.

Expected result: Access token is displayed in response.

Actual result: An error message {"error":"invalid_grant","error_description":"User session not found"} is displayed.

The same flow is working successfully in Postman. I can't seem to figure out the reason behind it. Any help would be highly appreciated.

JMeter Version: 8.6.2

Java Version: 1.8.0_391