search

imbo / behat-api-extension

API extension for Behat, used to ease testing of JSON-based APIs
MIT License
109 stars 42 forks source link

Implement OAuth feature. #92

Closed ABGEO closed 4 years ago

ABGEO commented 4 years ago

Hi,

I implemented a feature that will enable us to send an OAuth request and set the Authorization header with the returned access token.

Now you can use: Given I use OAuth with "my_username" and "my_password" in scope "my_scope"

I think it will be useful. To have this feature in my project, I expanded the ApiContext class :)

christeredvartsen commented 4 years ago

Hi there @ABGEO, and thanks a lot for your contribution!

Would you be able to add some tests and docs for this feature as well?

ABGEO commented 4 years ago

@christeredvartsen sure. I will provide them.

ABGEO commented 4 years ago

@christeredvartsen I added some tests and updated the documentation. I think this PR is ready for review.

christeredvartsen commented 4 years ago

Could you please grant me write-access to your fork so I can push some small changes?

ABGEO commented 4 years ago

@christeredvartsen sure. I have invited you.

christeredvartsen commented 4 years ago

I've been doing some thinking (big words!), and what about we do the following change before merging:

What do you think about this? Using a client configuration restricts the extension to be using only one set of "rules" at a time, while having the details in the Given's, developers can have as many combinations as they want.

For this to work though, the Given will be a bit longer, but given good enough documentation I don't think this is a huge issue. The existing one could for instance look like this:

@Given I get an OAuth access token from :path with :username and :password in scope :scope using :clientId and :clientSecret

If we want to add support for the authorization_code grant type, we could do something like this:

@Given I get an OAuth access token from :path with code :code in scope :scope using :clientId and :clientSecret

If you think this sounds like a good idea I can push some changes to your branch and we can see where it goes?

christeredvartsen commented 4 years ago

Also, when using the password grant type, the client_secret is usually not sent, right? So the existing Given won't be as long as the one I wrote above.

christeredvartsen commented 4 years ago

So the Given could be for instance: 

@Given I get an OAuth token using password grant from :path with :username and :password in scope :scope using client ID :clientId( and :clientSecret)
ABGEO commented 4 years ago

If you think this sounds like a good idea I can push some changes to your branch and we can see where it goes?

@christeredvartsen sounds good to me. I think we can go this way.

christeredvartsen commented 4 years ago

@ABGEO Could you go over my latest commit and give it :+1: or :-1:? The step text is pretty long (a clear :-1:) but it removes the client configuration requirement which in my mind is :+1:.

ABGEO commented 4 years ago

@christeredvartsen great work :+1:

In my opinion, developers will use this step only once per Feature - in the Background block, so I think that this will not cause any problems.

christeredvartsen commented 4 years ago

Thanks a lot for the pull request. I will add some other minor stuff and release 3.0.0 in a short while.