authorjapps / zerocode

A community-developed, free, opensource, automated testing framework for microservices APIs, Kafka(Data Streams) and Load testing. Zerocode Open Source enables you to create, change and maintain your automated test scenarios via simple JSON or YAML files. Visit documentation below:
https://zerocode-tdd.tddfy.com
Apache License 2.0

JWT token decode #351

Open automatedbegginer opened 4 years ago

automatedbegginer commented 4 years ago

Hi there!

Is there any way to decode a JWT token and check for a specific value? I am using a custom step method to decode and check by part of the string. It would be much easier to do it with the framework if there is a possibility.

{
  "scenarioName": "Keycloak login - get role",
  "steps": [
    {
      "name": "jwt",
      "url": "${urlKeycloakLogin}",
      "operation": "POST",
      "request": {
        "headers": {
          "Content-Type": "application/x-www-form-urlencoded"
        },
        "body": {
          "username": "${username}",
          "password": "${password}",
          "grant_type": "${grantType}",
          "client_id": "${clientId}",
          "client_secret": "${clientSecret}"
        }
      },
      "assertions": {
        "status": 200,
        "headers": {
          "Content-Type": [ "application/json" ]
        },
        "body": {
          "access_token": "$NOT.NULL"
        }
      }
    },
    {
      "name": "decode_jwt",
      "url": "keycloak_login.Auxiliary",
      "operation": "DecodeJWT",
      "request": "${$.jwt.response.body.access_token}",
      "assertions": "$CONTAINS.STRING:\"resource_access\":{\"roles\":[\"Admin\"]}"
    }
  ]
}

Best

ab

nirmalchandra commented 4 years ago

@automatedbegginer, yes, sounds good. That will be a good feature. Can you please paste a sample scenario file here just to have a look? That will help us to implement the correct thing 👍

automatedbegginer commented 4 years ago

@nirmalchandra I have attached the scenario, and as you can see, I am using a helper method to decode the JWT and then assert by part of the string, as I cannot return a JSON object (the framework is trying to deserialize it and it snaps). I think validating something by part of a string is not good, as the order can be changed. It would be much cleaner to assert the normal way, searching for a value in the JSON. Thanks

authorjapps commented 4 years ago

@automatedbegginer, we can have a look and help you. Can you copy-paste the keycloak_login.Auxiliary#DecodeJWT(...) code here? Otherwise you can ping us in Slack to discuss in detail. We also request that you join our mailing list.

automatedbegginer commented 4 years ago

@authorjapps

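package keycloak_login;

import java.nio.charset.StandardCharsets;
// Assumed: Apache Commons Codec, whose Base64(boolean urlSafe) constructor matches the call below
import org.apache.commons.codec.binary.Base64;

public class Auxiliary {
    // Decodes the JWT header and body for inspection; the signature is not verified.
    public static String DecodeJWT(String jwtToken){
        System.out.println("------------ Decode JWT ------------");
        // A JWT has three dot-separated parts: header.body.signature
        String[] split_string = jwtToken.split("\\.");
        if (split_string.length != 3) {
            throw new IllegalArgumentException("Expected 3 JWT parts, found " + split_string.length);
        }
        String base64EncodedHeader = split_string[0];
        String base64EncodedBody = split_string[1];

        System.out.println("~~~~~~~~~ JWT Header ~~~~~~~");
        Base64 base64Url = new Base64(true); // URL-safe Base64 alphabet
        String header = new String(base64Url.decode(base64EncodedHeader), StandardCharsets.UTF_8);
        System.out.println("JWT Header : " + header);

        System.out.println("~~~~~~~~~ JWT Body ~~~~~~~");
        String body = new String(base64Url.decode(base64EncodedBody), StandardCharsets.UTF_8);
        System.out.println("JWT Body : "+ body);
        return body;
    }
}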
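
An added example, not part of the thread or of Zerocode's own code: a helper that parses the JWT payload and checks the role by JSON Pointer, next to the substring check from the scenario, which stops matching once key order or array contents change. It assumes Jackson (`jackson-databind`) is on the classpath; the class name, method names and sample payloads are constructed for illustration, and the token's signature is not verified.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class JwtClaimCheck {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Decodes the payload segment only. The signature is NOT verified, so use the
    // result for test assertions, never for authorization decisions.
    static JsonNode decodePayload(String jwt) throws Exception {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        return MAPPER.readTree(Base64.getUrlDecoder().decode(parts[1]));
    }

    // True if the array at the given JSON Pointer contains the wanted role.
    // A missing path yields an empty iteration, so the result is false.
    static boolean hasRole(JsonNode claims, String pointer, String role) {
        for (JsonNode n : claims.at(pointer)) {
            if (role.equals(n.asText())) return true;
        }
        return false;
    }

    // Builds a constructed sample token: placeholder header and signature.
    static String sampleToken(String payloadJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        return enc.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString("placeholder-signature".getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Substring from the scenario's $CONTAINS.STRING assertion.
        String needle = "\"resource_access\":{\"roles\":[\"Admin\"]}";
        // Constructed payloads: both grant Admin; the second reorders keys and adds a role.
        String a = "{\"sub\":\"u1\",\"resource_access\":{\"roles\":[\"Admin\"]}}";
        String b = "{\"resource_access\":{\"roles\":[\"User\",\"Admin\"]},\"sub\":\"u1\"}";
        for (String payload : new String[] {a, b}) {
            JsonNode claims = decodePayload(sampleToken(payload));
            System.out.println("substring=" + payload.contains(needle)
                + " structured=" + hasRole(claims, "/resource_access/roles", "Admin"));
        }
    }
}
```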