I can't call a twitter api using jmeter.
I always get a 403 http status code. I used the same authorisation in postman and it works.
below is the authorisation I used in postman:
oauth 1.0 in postman
Do I have to install new plugins or config the http authorization manager.?
Can anyone provide me with the details how to call a twitter api.
for example this API: https://api.twitter.com/1.1/search/tweets.json
I would recommend going for JSR223 Sampler and Groovy language so you will be able to:
Either use hbc library (Twitter official Java client) to call Twitter API methods
Or go for oauth-signpost library in order to build and sign your HTTP requests, this approach is described in details in the How to Run Performance Tests on OAuth Secured Apps with JMeter guide
Related
How to generate OAuth2.0 access tokens in Jmeter.?
I'm able to get the setup for Postman using OAuth2.0. However, when I want to test these and develop script in JMeter, I am unable to get through it.
This postman setup doesnt ask for client_secretKey only required client_Id, instead it pops up a window where I enter the username and password and then it is redirected/called back to my application URL.
When I looked into the URL, it has the following parameters
https://product.auth0.com/authorize?
redirect_uri=abc.com
client_id=XXX
errorPath=%2Ferror
scope=openid%20profile%20email%20offline_access
response_type=code
response_mode=query
state=dynamicvalue1
nonce=dynamicvalue2
code_challenge=dynamicvalue3
code_challenge_method=S256
auth0Client=staticvalue HTTP/1.1
I know client_secretKey, now I am wondering if I can able to get to the authorisation/authentication of the application by using the client ID, secretKey grant type etc?
Please suggest on ways I can connect to and access the application.
Postman is a browser plugin, JMeter is not a browser hence it cannot "pop up w window"
The easiest way of capturing the network requests from Posman in JMeter is just recording it using JMeter's HTTP(S) Test Script Recorder.
Start JMeter's HTTP(S) Test Script Recorder
Import JMeter's certificate into Postman
Configure Postman to use JMeter as the proxy
Run your request in Postman.
JMeter should generate proper HTTP Request sampler and HTTP Header Manager and you should be able to replay the request.
Identify the dynamic parameters and perform their correlation
You should be able to replay the authorization flow using JMeter now.
I need to create an organizational feed to host nuget packages shared among projects on our Azure DevOps environment.
After several unsuccesful attempts and research, I discovered that the only way to create an organizational feed is, by design from Microsoft mouth, the Azure DevOps API.
Source for the claim : This question on VS dev community
and The MS docs on project-scoped feeds
Basically, I just need to be able to perform a POST here :
https://feeds.dev.azure.com/{organization}/_apis/packaging/feeds?api-version=5.1-preview.1
with the body :
{
"name": "{myfeedname}",
"hideDeletedPackageVersions": true,
"upstreamEnabled": true
}
And of course, a Bearer token to authenticate myself. That's the point where I'm confused.
What is the simplest way to obtain one ? I'm logged in through my company Microsoft AD account on my computer browser on Azure DevOps. I don't see any Bearer token that I can "steal" to use in PostMan in my browser dev tools.
The API docs described some relevant info, but I'm confused on how to use it in Postman :
Security oauth2
Type: oauth2
Flow: accessCode
Authorization URL: https://app.vssps.visualstudio.com/oauth2/authorize&response_type=Assertion
Token URL: https://app.vssps.visualstudio.com/oauth2/token?client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
Scopes Name Description
vso.packaging_write Grants the ability to
create and read feeds and packages.
Here is the interface in Postman for OAuth2:
Ican see how the info in the docs relates to the fields 1 - 2 - 3 - 4, but then, what callback url should I use ? What credentials ? my Microsoft email + password from AD ?
I tried this, and all I seem to get is this from Postman :
{"$id":"1","innerException":null,"message":"A potentially dangerous Request.Path value was detected from the client (&).","typeName":"System.Web.HttpException, System.Web","typeKey":"HttpException","errorCode":0,"eventId":0}
TLDR
How do I properly proceed to get a token with Postman, or other tool to manually execute my one-time request to Azure DevOps REST API ?
notes :
Following info here : Unable to get Authorization code for Devops using Postman oAuth2.0
, leading here : https://github.com/Microsoft/azure-devops-auth-samples/tree/master/OAuthWebSample , I understand that I have to register and run a whole web application. Am I understanding this correctly ? I there a simpler way ?
I understand that I have to register and run a whole web application. Am I understanding this correctly ? I there a simpler way ?
Yes, you are right. You have to register whole web application.
As the interface in Postman for OAuth2, we need provide the CallbackUrl, ClientID, ClientSecret and so on. Then, we check the document Requesting an OAuth 2.0 token, we could to know the Callback URL is:
The client application callback URL redirected to after auth, and that
should be registered with the API provider.
So, we have to register an OAuth client app in Azure DevOps (https://app.vsaex.visualstudio.com/app/register), then we could get the following information, like:
You could check the document Authorize access to VSTS REST APIs with OAuth 2.0 for some more details.
AFAIK, there is currently no simpler way to get a bearer token to send requests to the Azure DevOps API.
Hope this helps.
I am developing a performance test script for hybrid mobile application using Rational Performance Tester V9.0 & V8.7.
The mobile application sends the request to IBM Mobile First Server v8.0 which authenticates its user using OAuth with JWT (JSON Web Token).
I tried enhancing the script and replayed but it fails at login step in an API which requests for token /mfp/api/az/v1/token
Below mentioned is the request & response for the API call,
URI: POST /mfp/api/az/v1/token
Request:
client_assertion=eyJhbGciOiJSUzI1NiIsImp3ayI6eyJhbGciOiJSUzI1NiIsImUiOiJBUUFCIiwiZXh0Ijp0cnVlLCJrZXlfb3BzIjpbXSwia3R5IjoiUlNBIiwibiI6IjAtX19nSjFLWnZsVlU5M1JGRlFuZk80TGdLeUhTN3hIMVg3RUw2ZGhKa1B6SGQ0cUhEaHdFQzFIT0k0cHhmeEMzZWh6M1I3cXQtU3A5WnpOb3o4Z1lDTVRmSmh3T21OZWh5dkNkMDU3V09PVjB1b0ZPQmFpS21pMG9qdHJoMFMzMlNuS1VWTElwekxhQUZJSkhsOGtCSm9sZ21JQW9hZHNRdFpTUWg0MVJZN2c3aWNCUzlJRkRCdGdDbUtjRHlRY29VSnpTWkIxZk1ZY2VYNGFBNDZ3elkwRkdaY3hxcG11U1kwV0xCTEhDUjdLSm9oa2wwZDk4OFlSVGtuQkE3dFBLTEF4RnQxT2daQ1BYR1owWW41ZHFKN3ZwWXZtd21hc09vSFNacWp3cktMOW51MDR0QUZ1OENHZ3ZrTnZPUmJjRFRQaElvcy1iQ0J0ZFhXZjBWek1uUSIsImtpZCI6IjYxZWNkMjY2LTNjYTItNDhlYy04M2M2LTY3MTk5MGVjNzdlOCJ9fQ%3D%3D.eyJpc3MiOiJlQmFua2luZyR3ZWIiLCJzdWIiOiI2MWVjZDI2Ni0zY2EyLTQ4ZWMtODNjNi02NzE5OTBlYzc3ZTgiLCJleHAiOjE1Mzk3Nzc3NjMxNzQsImlhdCI6MTUzOTc3NzcwMzE3NCwianRpIjoiLTQ0NjkwNTY3Njc4NzAzMTYyNzEiLCJhdWQiOiJhei92MS90b2tlbiJ9.nMcfmOPDcLjONOXhF%2B3mArM87AiPfqEPp5Bk815f9Dg7VaaIgY41jeSmlWASCdmjf9Cno3%2BwHGom%2BzAEGQDdFkmBjLpCY7TnCAv9j8HzIPDubYdSQW2pq7WKVz%2FvEQ8Z5Pa8jh8aAMTlrsBnjlPoiVfcqHBh%2F2vpHZnKvkSoCOcA2TAeJnioSlp4vpWOc26IsMwKYMqZlVs9K2Z8JwHQvESKlzDu9etxYnnQfxyqunwhG%2B5T9GKgMmCAo1%2BBGqqsEtTwOG5UmhoyYIYbMnNHzHFdl8fWwMMOtpf%2F3RqjBYNeAsZ%2BTuGkskLlA5hrLiHmfOhzPYstr8tCO2IMLbTpjQ%3D%3D&code=5059335353176972418&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fuatirmob.qcdib.com%2Fmfp%2Fapi%2Faz%2Fv1%2Fauthorization%2Fredirect%2F17553a31-f583-44f9-9b7a-d8fab31b3bff&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
Response:
{"errorCode":"invalid_client","errorMsg":"Incorrect JWT format"}
I noticed that the client_assertion value carries dynamic data in JSON form when I decrypted with https://jwt.io/#debugger
Also, developed encryption logic mentioned in IBM mobile first site to generate the client_assertion value referring this link: https://mobilefirstplatform.ibmcloud.com/blog/2016/08/09/performance-testing-for-mobilefirst-foundation-8-0/
It was not successful after following the above steps.
Please provide solution to handle the /mfp/api/az/v1/token request and generate access token which will passed in the subsequent requests.
Thanks in advance.
We have documented performance testing instruction for JMeter.
Please refer to link here for more details - https://mobilefirstplatform.ibmcloud.com/blog/2016/08/09/performance-testing-for-mobilefirst-foundation-8-0/
Please refer to section "Sign grant code" and ensure you are following steps properly [ https://mobilefirstplatform.ibmcloud.com/blog/2016/08/09/performance-testing-for-mobilefirst-foundation-8-0/#sign-grant-code ]
Try the latest Mobilefirst v8 build (late Oct 2018) which will fix this.
I have a problem signing an HTTP post request with the UrlFetchApp in Google App scripts. I only need to sign the request with my consumerKey, I do not need complete authorization with callback and everything. How would I be able to sign the request using OAuth encoding? Do I simply add the OAuth as parameters or as headers? I am very new to this and would appreciate any advice.
Thanks
Here is an Update on the situation: Google just added 2-legged support to their OAuth1 library. See https://github.com/googlesamples/apps-script-oauth1.
If you are using Google App Script and that library, update it to version 11.
I simply changed the access token in the example to empty string. Now everything works just fine.
Thanks!
There are no clear docs or anything. shadowhand's demo repo is broken. How to actually use Twitter Oauth provider in Kohana 3.0?
It's a bit complicated, but the steps basically are:
Build an OAuth_Consumer
Build a OAuth_Provider (twitter)
Get a request token
Redirect them to the authorize_url
Get the callback
Exchange the request token for an access token
Make API calls
Here's an example controller that does all of that: https://gist.github.com/1267793