Open claustres opened 7 months ago
Thank you for reporting. We will discuss your requirement in the CITE team.
Thank you for proposing the enhancement.
We are indeed planning to introduce support for APIs that have access control. However, work on the enhancement will begin in the second half of 2024 or soon after the release of version 6 of TEAM Engine.
Thanks for considering it, it will help a lot. Indeed, it is currently hard to test production deployments as we cannot temporarily remove the authentication. I was just wondering if supporting token/API key authentication as a query parameter could almost work "as is". Indeed, if you provide the token in the initial URL under test, e.g. myservice.com?token=xxx, and the conformance suite only uses links returned by the API, which also contain the initial token, this could probably work. But I do not know the internals and it might not be that simple.
First of all thanks for this useful tool that helps us enhance our service.
Describe the bug
I would like to test a service protected with a jwt given as a query parameter with the all-in-one jar. If I remove the protection the tests are running almost fine with e.g. the following results:
<testng-results total="211" passed="178" failed="0" skipped="33">
However, the tests stop quickly with the following results when enabling the protection:
<testng-results total="42" passed="1" failed="3" skipped="38">
One of the first tests to fail, which probably causes others to be skipped, is the following:
One can see the jwt query parameter is lost.
To Reproduce
test-run-props
like this:
<entry key="iut">https://api.irsn-planet.staging.ul2i.fr/kfs?jwt=XXX</entry>
java -jar ./ets-ogcapi-features10-1.7-aio.jar -o . -h ./test-run-props.xml
Expected behavior
The test suite should be able to reach the landing page if the token is provided in the base URL. After this, as all links provided in responses by the service should keep the token, I guess it should work as usual.
Additional context
The service can also be protected with the token given in the header (Bearer JWT) if it helps.
I can provide you with a test token through a secured private channel if required.
Thanks for your support.