How to get the RefreshToken from Azure in Jmeter - oauth-2.0

The refreshcredential shown in the image below comes in the request header. Currently I am hardcoding this token value. The token expires every 5 minutes. After 5 minutes, the test cases fail.
How do I extract this dynamic token value and add it to the request header in JMeter?
Also, how do I generate this token in JMeter after 5 minutes? Please guide me. It's a great blocker for me.

You will need to create another thread group. Add your transactions to generate the token. Save it to a property. Wait for 4 minutes.
While doing this, the two thread groups (the token thread group and the other HTTP requests) will have to run in parallel. Uncheck this option at Test Plan level.
EDIT
To extract the header, follow this thread: Extract Location from Response Header with JMeter

Related

What does "offset" mean in Angular Auth OIDC config values?

In my project, there is a configuration value for Oauth that I do not understand:
    auth: {
      maxIdTokenIatOffsetAllowedInSeconds: 600
    },
Based on the document I am reading: https://nice-hill-002425310.azurestaticapps.net/docs/documentation/configuration
For maxIdTokenIatOffsetAllowedInSeconds it says:
The amount of offset allowed between the server creating the token, and the client app receiving the id_token.
What does the offset mean in this case? Is it like a timing unit?
I am assuming it means that each user can only receive one token every 600 seconds?
Can someone explain what the offset means, and what maxIdTokenIatOffsetAllowedInSeconds is doing to the token?
The docs you linked to are specifically for the angular-auth-oidc-client library so hopefully that's what you're using. In that case the maxIdTokenIatOffsetAllowedInSeconds is being used to determine how much clock skew is allowed between the issuing server and the consuming browser. In this case, 600 seconds would mean the clocks can be 10 minutes different from one another and the token will still be considered valid.
However, today I came across this issue and any value I pushed in higher than 299 was causing my token to be considered expired. I looked back through the changelog and found a recent-ish PR that added this check and a new configuration value that allows you to ignore it (disableIdTokenValidation).
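The clock-skew check described in the answer above, sketched as an added example (this is not angular-auth-oidc-client's code, and the function names are hypothetical). It assumes the check compares the token's iat claim with the local clock in both directions; the token and timestamps are constructed.

```javascript
// Added example. Function names are hypothetical, not the library's API.

// Build an unsigned id_token-shaped string from constructed claims.
function makeDemoToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.`;
}

// Decode the base64url payload segment. No signature check is done here.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare iat with the local clock; skewSeconds < 0 means the local clock
// is behind the issuer's clock.
function checkIatOffset(token, maxOffsetSeconds, nowMs = Date.now()) {
  const { iat } = decodePayload(token);
  if (typeof iat !== 'number' || !Number.isFinite(iat)) {
    return { ok: false, skewSeconds: null, reason: 'iat missing or not numeric' };
  }
  const skewSeconds = Math.round(nowMs / 1000) - iat;
  const ok = Math.abs(skewSeconds) <= maxOffsetSeconds;
  return { ok, skewSeconds, reason: ok ? 'within offset' : 'iat outside allowed offset' };
}

// Constructed scenario: issuer stamps iat = 1700000000, browser clock is 7 minutes slow.
const ISSUED_AT = 1700000000;
const SLOW_CLIENT_NOW_MS = (ISSUED_AT - 420) * 1000;
const demoToken = makeDemoToken({ sub: 'demo-user', iat: ISSUED_AT });

console.log(checkIatOffset(demoToken, 600, SLOW_CLIENT_NOW_MS)); // accepted
console.log(checkIatOffset(demoToken, 300, SLOW_CLIENT_NOW_MS)); // rejected
console.log(checkIatOffset(makeDemoToken({ sub: 'demo-user' }), 600, SLOW_CLIENT_NOW_MS));
```

A larger offset also lengthens the window in which an old token still passes this check, so correcting the client clock is preferable to raising the value.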

Graph Schedule + Shifts API: MS-APP-ACTS-AS header needs to be set for application context requests

I am having issues running a GET against both the schedules and shifts v1.0 API. The documentation on the MS KB doesn't indicate that this is in preview any more, so I'm unsure what we're doing wrong here. The API is running with an app-only auth token.
Postman screenshot
Currently we are doing prelim testing via postman to ensure we can use the API correctly.
The app in question has been given the following permissions:
Schedule.Read.All
Schedule.ReadWrite.All
We can view the teamId information correctly at https://graph.microsoft.com/v1.0/teams/{{TeamId}}, but schedules or schedules/shifts returns the error
Based on a previous answer I saw, I added the MS-APP-ACT-AS header with a UserId to act as, but it returned the same error.
Thanks
Try to use this header instead:
MS-APP-ACTS-AS
In your question you wrote:
MS-APP-ACT-AS
(Missing the 'S')

Google Sheets Apps Script Conditional Formatting batchUpdate

I have successfully created a client side script function that removes and reinstates all conditional formatting on a templated Sheet (to maintain a prescribed conditional formatting regime without locking cells). I have placed a call to this function in the sheets onOpen() event handler. When in the Script Editor I explicitly run the onOpen handler all works well. When I open the sheet and let the onOpen event run naturally I get an authentication error in response to the batchUpdate call that requests the Conditional Formatting changes:
Execution failed: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential.
1) Is there a logical explanation why the code does not fail authentication when I run the code explicitly from the Script Editor while it does fail in response to the onOpen event firing?
2) I have followed the OAuth 2 links and am a little overwhelmed, can anybody please direct me to a simple set of actions I need to take to allow me to make a client side script work with the Sheets object to which it is attached for all users? Is this a more difficult endeavour than I had anticipated?
Update: I got my code to work in a script attached to a spreadsheet. An installable trigger was used to send API batch update requests of Conditional formatting - all good so far. I have a number of spreadsheets that I want to use the script, so I created a version of the script and added it as a library to the first "new" spreadsheet. I had to authorize the API in that new sheet but once done the library trigger event fired at the appropriate point. However, despite the API batch update request being written in the context of an installable trigger (in the library file) execution again failed with the original error message:
"Execution failed: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential."
Precisely the problem the Installable Trigger had solved previously.
What extra steps must I take to avoid this error in a library trigger please?

Recorded Scripts in JMeter doesn't make an order due to csrf token in URL

Using the JMeter GUI, I recorded a test scenario (placing an order) and the script ran successfully. But when I replay the test scripts it doesn't function as it was recorded to do; it did not make an order.
After asking the dev, I found that with each item selected, the server generates a CSRF token and puts the token in the URL path (like: /cart/add/type/product_id/7245985/_csrf_token/b46c0aec2e5891808ec42141b1956943204ae8f8) when the item is added to the shopping cart. This is all recorded in the script. This path with the token is used to add the item to the cart.
My question is how to test this dynamic token when it is concatenated in the path of the URL?
Any help is appreciated.
If you have not already added Tree View Listener to your Test Plan, then add it now. You can use it to view the details of requests & responses. JMeter considers a request successful if it gets "some" response from Server-side. It does not matter if the response is functionally valid or not. So, in order to make sure that JMeter is sending valid parameters and receiving expected response, you will have to check the details of requests / responses in Tree view listener.
You can also add Response Assertions to requests so JMeter itself verifies that it is getting expected responses.
Important Tips:
Use TreeView Listener for debugging only. In a real load test keep it disabled as it consumes a lot of memory.
Do not use response assertions excessively as they consume a lot of memory as well.
JMeter is not a browser-based tool. It just deals with back-end requests. Hence it is expected to be very fast. So nothing wrong with that. You should remove unnecessary timers as there is nothing wrong with it being fast.
If your requests involve some kind of login authorization then have a look at this question for further details: Load testing using jmeter with basic authentication
Recording doesn't guarantee a working script; it gives you only a "skeleton" and usually you need to perform some correlation (the process of extracting a mandatory dynamic parameter from a previous response and adding it to the next request).
Reference material:
Building a Web Test Plan
Building an Advanced Web Test Plan
How to use JMeter for Login Authentication?
How to make JMeter behave more like a real browser
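The correlation step described in the answers above, applied to the URL format quoted in the question, as an added example that is not part of the original posts. It is plain JavaScript showing the extraction logic only; the HTML, product ids and token values are constructed, the function names are hypothetical, and it assumes the previous response contains the add-to-cart links.

```javascript
// Added example. The link format is taken from the path quoted in the question;
// everything else (HTML, ids, tokens) is constructed for the demo.
const CART_LINK = /\/cart\/add\/type\/product_id\/(\d+)\/_csrf_token\/([0-9a-f]{40})/g;

// Collect the token the server issued for each product in this response.
function extractCartTokens(html) {
  const tokens = new Map();
  for (const m of html.matchAll(CART_LINK)) tokens.set(m[1], m[2]);
  return tokens;
}

// Build the next request path from the extracted token, never the recorded one.
function buildAddToCartPath(tokens, productId) {
  const token = tokens.get(String(productId));
  if (!token) throw new Error(`no CSRF token found for product ${productId}`);
  return `/cart/add/type/product_id/${productId}/_csrf_token/${token}`;
}

// Constructed response body from the "view product list" request.
const TOKEN_A = '0123456789abcdef0123456789abcdef01234567';
const TOKEN_B = 'fedcba9876543210fedcba9876543210fedcba98';
const SAMPLE_HTML = `
  <a href="/cart/add/type/product_id/7245985/_csrf_token/${TOKEN_A}">Add to cart</a>
  <a href="/cart/add/type/product_id/1000001/_csrf_token/${TOKEN_B}">Add to cart</a>
  <a href="/cart/view">View cart</a>
`;

const cartTokens = extractCartTokens(SAMPLE_HTML);
console.log(buildAddToCartPath(cartTokens, 7245985));
```

Failing when no token is found, rather than falling back to the recorded value, makes a broken extraction visible instead of producing requests the server silently rejects.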

SurveyMonkey Long Lived Access Token Lifespan

I am working on a project that requires an automated SSIS package to
connect to SurveyMonkey data store via API to incrementally download survey
results for the day or specified time period for custom reporting and low scoring task assignment.
Via OAuth I can collect a long lived access token, but due to the automated
and infinite nature of my project's lifespan, I cannot manually initiate
OAuth2 token refreshes or complete manual re-authentication cycles.
Is there another method to automatically export this data upon a scheduled
request?
Additionally, for clarification, how long is a long lived access token
valid? 60 days?
Miles from surveymonkey.com support responded to me with a great answer. I hope it can help someone down the line.
Hi Rob,
Currently our tokens should not expire - this is not guaranteed and
may change in future, but we will send out an update well ahead of
time if this does ever change. The token you receive on completion of
OAuth lets you know how long the token will last for without user
intervention, currently it returns 'null' in the 'expires_in' field.
There is no other automated way to schedule the data to be exported
currently, however it sounds like our current setup should suit your
needs
In addition to Miles's reply, it is very straightforward to pull diffs from SurveyMonkey using modified dates. We keep a "last sync" timestamp per survey in our database, and update it after each successful data pull.
Use the REST API directly, or (if you're using PHP) try https://github.com/oori/php-surveymonkey. We run it in production.
*Note: actually, you're interested in setting the start_modified_date option for the "getRespondentList" function. But in general, see the API docs; the modified date filter is available in more functions.
