What can be done with following scenario for API Testing Automation? - rest-assured

I have to test rest api using rest assured API. The API is spring secured(Spring security mechanism is integrated by dev team for authentication). I am able to login using rest assured api and found the JSESSIONID also.
After successful login it send http status 302 means redirection and Cookie is found in Response headers which is used for further request.
Also when I press F12, the same APIs are hit with different HTTP status code. Requested URL : http://example.com/portal/home/xyz.html. One having status code 302 and other having status code 200.
Please see the image below: Headers information after pressing F12:
I am not able to redirect to the URL with the following code :
given().redirects().follow(false);

Check the documentation about the redirect following under the following link:
https://github.com/rest-assured/rest-assured/wiki/ReleaseNotes15

Related

IOS: How to disable the user_session in the HTTP request

I'm working on supporting login by Github OAuth. But I encounter a problem:
When I log in to the Github once, the subsequence OAuth requests will fail with the 302 HTTP status.
When the OAuth request failed, the HTTP request is as follow:
The HTTP response is as follow:
I know the 302 response is caused by the "user_session" in the HTTP request.
My question is that is there any way to disable the user_sesion in the HTTP request. I want to send a totally new HTTP request for each OAuth request.
Thanks!
I tried the solution at Disabling cookies in WKWebView. But it doesn't work for me.
After using
myRequest.httpShouldHandleCookies = false
The WKWebView stops working. I guess it may be caused by the server cannot add cookies to our web browser.
The solution described at https://stackoverflow.com/a/31803708/10399490 works for me.
Just remove the cookies added by the Github.
I haven't verified whether the solution introduces any other side effects

Could not complete Oauth2 login

Im trying to get the access token from OAuth 2.0 Playground through POSTMAN. Theses are the configurations. When the Request the token it says Could not complete Oauth2 login. Any reason why i cannot get the token?. How to resolve this?
I also encounter the same problem yesterday. After debugging the request I figure out that postman sends the request to this domain: https://app.getpostman.com
, which is blocked in our internal network. When it is unblocked authorization request working successfully.
To add to Joshi's answer, the missing part that the Google API needs to know how
to call back to Postman.
In the first screen is where Postman shows you the callback URL to use, which as of March 2018 is https://www.getpostman.com/oauth2/callback I imagine this can change.
In the second screen is in the Google API settings where you set that callback URL. Your "Client ID for Web Application" needs to call back to Postman to complete the authorization.
In my case (ubuntu) I had to turn off SSL verification
File > Settings > General Tab > REQUEST Section > SSL certificate verification = OFF:
Source: https://community.postman.com/t/could-not-complete-oauth-2-0-login-check-postman-console-for-more-details/6350

Which HTTP response code should I give my application to say that authentication was successful?

I have an API which validates a user and I don't know what to return to my iOS application when authentication is and isn't successful. I'm currently returning a 401 error for failed authentication, but how should I tell my iOS application that authentication was successful?
You could use an HTTP 200, which indicates the request was OK without problems. You could also potentially use 201 to indicate a new session has been created.
For explanations on HTTP status codes, please see Wikipedia's list of HTTP status codes

Dropbox oauth2.0: Cross origin issue

I am trying to authorize my app using the dropbox oauth 2.0 but getting Cross origin issue. I made a GET request to https://www.dropbox.com/1/oauth2/authorize
with response_type: 'code' and client_id but keep getting the cross origin issue.
When using this "https://www.dropbox.com/1/oauth2/authorizeclient_id=CLIENT_ID&response_type=code" directly in the browser, I am redirected to the dropbox authorization page as expected.
Am I missing anything in my code?
The /authorize page (https://www.dropbox.com/1/oauth2/authorize...) is only a web page that users should be interacting with in their browser. It isn't an API endpoint so you shouldn't be attempting to call it programmatically.
If you're implementing the OAuth 2 app authorization flow, this blog post may be useful:
https://blogs.dropbox.com/developers/2013/07/using-oauth-2-0-with-the-core-api/

Generating Linkedin Access Token

I have been trying with the simple REST Client as well as the REST Plugin for Mozilla. I am getting
"HTTP/1.1 401 Unauthorized" response with
"{"error":"unauthorized_client","error_description":"the client is not authorized"}" in the body.
I have been successful in getting the auth code, and the below is the POST request for access token, (Scope is r_fullprofile)
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AQTQeBxBzbU2aNWaQM6Ff3Z3bUd8Gyg10W9G2DdqXgWiP0q7-M55c5PLtppP7Ni3Y-6A9C8yDkj9K4VfJ7QkRUFjuV-3AknA5jAahpsFJv3wYfr8XD8&redirect_uri=https://www.google.com&client_id=75wl6j5zndvfkp&client_secret=secret
The redirect_uri=https://www.google.com is the one used for getting auth code as well.
Do we need to perform any URL encoding before making the POST request?
When I log into the linked in to my app, it has the below tokens,
OAuth User Token: c3ae4cee-1b23-xxx-9d2a-206f578dee4d
OAuth User Secret: 76bc48cc-c94f-xxx-bf9d-a663f7003383
I am not sure where it is used. we are using API & secret key to get auth code.
Thanks in Advance.
This is a 2-step process.
First, go to:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=YOUR-API-ID&scope=r_basicprofile&state=STATE&redirect_uri=YOUR-ENCODED-REDIRECT-URI
Then, within 10 secs of receiving the response, go to:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&redirect_uri=YOUR-ENCODED-REDIRECT-URI&client_id=YOUR-API-ID&client_secret=YOUR-API-ID&code=THE-CODE-OBTAINED-IN-FIRST-STEP
The response of the second request will have the actual access token you need to use.
When I followed the two steps I faced an issue where I got an error as
{"errorCode":0,"message":"Access to posting shares denied","requestId":"TYWULO2WPZ","status":403,"timestamp":1497353538016}
So I had to remove the &scope=r_basicprofile since it was preventing reading all the Default Application Permissions
I faced a similar problem and the problem was with the initial authorization code. You should mention the scope=rw_company_admin or whatever it is that you want to authorize to while doing the initial redirect URL call. Something like this -
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=your_client_id&redirect_uri=https%3A%2F%2Fwww.google.com/&state=12345&scope=rw_company_admin%20r_emailaddress%20w_share%20r_basicprofile

Resources