vibssingh

JMeter Authorization with access token

Last Updated on

HOME

Authorization with a dynamic access token is used to pass dynamic response content to subsequent requests. This is used to validate API authorization.

In this post, we will discuss fetching an access token (dynamic response) with the help of JSON Extractor and passing it as a parameter in the subsequent request using BeanShell Assertion.

Table of Contents:

  1. Add Thread Group 1: Thread Group – Authorization Token Generation
  2. Add Thread Group 2: Thread Group – Main Request
  3. Adding Listeners to Test Plan
  4. Save the Test Plan
  5. Run the Test Plan
  6. View the Execution Status

To achieve authorization with access token, we need to create 2 Thread Groups:

Thread Group 1 – To generate Access Token  
Thread Group 2 – To pass Access Token to Request 

Step 1 – Add Thread Group 1: Thread Group – Authorization Token Generation

1. Add Thread Group

We should provide the name of the Thread Group. In this case, this thread group is used to generate the token, so named Token Generation. We want to generate only 1 token, so the Number of Threads, Ramp-up period, and Loop Count are 1 only.

2. Add HTTP Request Sampler

In the HTTP Request Control Panel, the Path field indicates which URL request you want to send

 To add: Right-click on Thread Group and select: Add -> Sampler -> HTTP Request

Add valid credentials in the parameters section.

3. Add HTTP Head Manager 

The Header Manager lets you add or override HTTP request headers like can add Accept-Encoding, Accept, Cache-Control

To add: Right-click on Thread Group and select: Add -> Config Element -> HTTP Read Manager

Add Authorization as Headers in Head Manager 

4. Add JSON Extractor

To extract the authentication token from the request, we are going to use JMeter JSON Extractor. The process of extracting a variable from a response works as mentioned below:

First, the server sends back a response, then a post-processor, like the JSON Extractor is executed which extracts part of the response and put it into a variable like ${token}.

To add: Right-click on Thread Group and select: Add -> Post Processors -> JSON Extractor

The JSON extractor requires us to follow a few steps, so we can process the JSON correctly.

1) Name – JSON Extractor
2) Apply to – we will use the defaulted Main Sample Only. The option is: The main sample only – the assertion only applies to the main sample
3) Name of created variables – BEARER
4) JSON Path Expressions – access_token

5. Add BeanShell Assertion 

An advanced assertion with full access to JMeter API. Java conditional logic can be used to set the assertion result.

To add: Right-click on Thread Group and select: Add -> Assertions -> BeanShell Assertions

Add the below-mentioned script in the Script section of BeanShell Assertion

${__setProperty(BEARER, ${BEARER})};

Step 2 – Add Thread Group 2: Thread Group – Main Request

1. Add Thread Group

Provide a name to this Thread Group. I have also provided the number of threads, ramp-up, and duration in the thread group as shown in the image

We can also parameterize the values of the number of threads, ramp-up period, and duration using a JMeter property called ___P. You can ask why we are using the property function in JMeter. It is because this makes the JMeter script configurable. We can pass any value through the command line without making any changes in the script.

___P – This is a simplified property function that is intended for use with properties defined on the command line. 

If no default value is supplied, it is assumed to be 1. The value of 1 was chosen because it is valid for common test variables such as loops, thread count, ramp-up, etc.

${__P(group1.threads)} – return the value of group1.threads

${__P(THREADS,1)} – This THREADS value will be passed through command line. If no value is passed, by default, it will choose 1.

Similarly, ramp-up and duration are parameterized.

${__P(THREADS,1)}
${__P(RAMPUP,1)}
${__P(DURATION,1)}

2. Add HTTP Request Sampler

Below-mentioned are the values used in HTTP Request to perform the test

Add a valid request body in the Body Data section (if the request is POST).

3. Add HTTP Head Manager

We have previously extracted the token from the Token Generation request. Now, it’s time to reuse it in the header section of HTTP Head Manager.

Below are the values used in the HTTP Request to perform the test.

Authorization = Bearer ${__property(BEARER)}

Step 3 – Adding Listeners to the Test Plan

Listeners

They show the results of the test execution. They can show results in a different format such as a tree, table, graph, or log file

We have added listeners – View Result Tree 

View Result Tree – View Result Tree shows the results of the user request in basic HTML format

To add: Right-click Test Plan, Add -> Listener -> View Result Tree

Step 4 – Save the Test Plan

To Save: Click File Select -> Save Test Plan as ->Give the name of the Test Plan. It will be saved as .jmx format.

Step 5  – Run the Test Plan

Click on Green Triangle as shown at the top to run the test.

Step 6 – View the Execution Status

Click on View Result Tree to see the status of Run. A successful request will be of a Green colour in the Text Section

Here, we can see that the Token Generation request is successfully processed.

The below image shows that the Main Request is successfully executed too.

Congratulation!! We can add an authorization token generated by a request add it to another request and process the request using JMeter. 

Additional Tutorials

How to download and install Apache JMeter
How to send GET Requests in JMeter
How to send POST requests in JMeter
Install Apache JMeter in Ubuntu
Constant Throughput Timer in JMeter
Posted in JMeterTagged , , , , , , , 20 Comments

20 thoughts on “JMeter Authorization with access token

    1. If you want to add Authorization to Headers in JMeter, go to HTTP Header Manager and under Headers Stored in the Header Manager, use add button and then add Name as Authorization and Value as Bearer c0b16ed4f564efde05eeb0939938ce704e9e1220

      Like

      Reply

  6. Hi vibssingh,

    I am looking to extract the bearer token from one thread but i do not have access_token its coming as response data so i did (.*) for json extractor but in the next thread the bearer token is not being picked up.

    can you help me

    Regards
    #Nipun

    Like

    Reply

    1. You need to save the bearer token that is coming from the response to a variable like here, it is saved to BEARER and then add this as authorization to the next thread. You have to add HTTP Header Manager for the next thread and pass the already created variable here.

      Like

      Reply

      1. Access token is created and then I am checking for session API. How can login be maintined in while session API script is getting executed in jmeter. Pls help.

        Like

  8. Pingback: JMeter Authorization Configuration Using A Static API Token Key - Programming Questions And Solutions Blog

  9. for me the login is working fine with status code 200 but the 2nd script its 307 temporary redirect and also when i am disabling the login thread from where i am generating the token the 2nd script is running fine with same status code 307

    Like

    Reply

  10. Thanks for good article ,if we have multiple HTTP requests in Thread2 ,in first iteration first http request fails because threat 1 and 2 start at same time so it’s missing the token ,however subsequent requests works fine . Do you know how to solve this ?

    Like

    Reply

  11. Hi, Thanks for such good explanation on this topic. Could you also share how to achieve load testing if my bearer token is getting expired in every 10 mins and I want to run my test for longer time.

    Like

    Reply

Leave a comment