Support of requests sessions about restinstance HOT 27 CLOSED

@asyrjasalo My company requires a valid OAuth2 session to access our web APIs. We currently use the RF ExtendedRequestsLibrary (link below) so that the session cookies can be passed to each request after authentication.

However, the library hasn't been maintained in over 2 years and I really like the improvements/advances your library has made in API testing with RF (schemas). And so switching to RestInstance at some point would be ideal if the library supports OAuth2 sessions.

I think authenticated sessions for API level testing is a requirement for Test Engineers working in Banking/Medical software. Or any software testing that deals with sensitive data accessed via an API.

https://github.com/rickypc/robotframework-extendedrequestslibrary

from restinstance.

I believe I'm not directly answering the question here, but I'm working in an environment that has to get an authentication token from a server that requires authentication. What works for my project was merged with #113 and my workflow is the following:

• Import library with Library REST <endpoint> ssl_verify=False
• Get certificate file from server without authentication
• Authenticate (i.e. get auth token)
• Use Set SSL Verify (merged with the PR) to set the SSL verification to the retrieved cert file instead of False
• Use headers={"Cookie": "authtoken=${AUTH_TOKEN}"} in my following Post keyword(s). This could be set with Set Headers keyword as well to set the headers for the whole suite, but my test doesn't require that as it continues using other services

I hope this helps someone, but I agree that proper session support would be nice.

from restinstance.

Thanks for asking this! I am leaving this open, in case we get some discussion on this.

To everyone: Do you have an use case in mind, regarding API testing, where sessions would be beneficial or provide additional value?

Edit: @niecore likely means sessions as they are provided by Robot Framework RequestsLibrary (https://bulkan.github.io/robotframework-requests/#Create%20Session, which uses Python requests' sessions underneath) - correct me if I am wrong.

from restinstance.

+1 to the previous post.
We also need OAuth2 token to be passed with every request to API in our API tests. Would be nice to have that supported.

from restinstance.

Most of resources need to request such as login first, then could test the other resources, if can support session it will be easy to write tests.

from restinstance.

We are currently looking into creating automated tests for our software and currently we don't really have support for authentication headers such as OAuth2 or Basic Authentication. Therefore we are limited to the use of authentication cookies. We have working tests with the HTTP library (Requests), but I really would like to use this REST library...

And yes, this is also a medical application that doesn't support anonymous users....

from restinstance.

Hello,

So any traction on this or just still leaving it open? There does seem to be some interest in supporting Sessions but would it be a difficult task? Or finishing the examples/documentation as to how to handle Headers and authentication?

Thanks for your effort.

from restinstance.

+1 for OAuth support. As I mentioned in another issue of this repo (at least for the browser based flows of) OAuth the support of application/x-www-form-urlencoded request headers is required.

from restinstance.

How would this work? I don't think I am too familiar with the topic.

Would any of you mind providing a high-level proof-of-concept how this would be used in a test suite. The example does not have to be complete.

Thanks for all the comments.

from restinstance.

Alas, no high-level proof of concept. But I still would like to be able getting an OAuth token via the RESTinstance lib. Our company keeps the same token alive for a limited period of time in the test environment. So it is possible to use the token in a subsequent get request without having to open a session.

from restinstance.

Hi Aleksi,

Thanks for your reply. I might perhaps fail to understand your solution but it seems to me that my problem lies in: get certificate file and authenticate. That is something that works quite well with Postman. But when I try to emulate this in an RF script like below, I get an unauthorized error. The server fails to account for the content-type of he request. There seems to be no way for the REST command to let the server know that the request body is not json.

Get OAuth Token REST
[Arguments] ${url} ${client} ${secret}
Set Headers {"Content-Type" : "application/x-www-form-urlencoded"}
&{body} Create Dictionary client_id=${client}
... client_secret=${secret}
... grant_type=client_credentials
${resp} Post https://${url} body=${body}
Log To Console Token=${resp}

from restinstance.

Hi @etienneroijen,

The body argument only supports JSON. RESTInstance 1.1.0 introduced data (same as --data in curl) argument which supports other data formats. Could you try using that instead of body?

EDIT: As an example, it can be used just like any other argument in Robot Framework. E.g.

Get Certificate
    [Arguments]    ${endpoint}    ${client_name}
    # First create a binary file with ${client_name}, which then produces a file called ${client_name}.csr
    # ...
    Post   ${endpoint}    data=${client_name}.csr    headers={"Content-Type": "application/pkcs10"} 
    ${cert}=    Output    response body
    [Return]    ${cert}

from restinstance.

from restinstance.

Oh, you're absolutely right! It doesn't mention the data argument. We'll release new documentation soon! Sorry for that.

It should work with a dictionary, bytes, or file. If it doesn't I need to take another look at the implementation.

from restinstance.

from restinstance.

from restinstance.

from restinstance.

Yes, 1.1.0 was released a month ago as you can see from PyPI.

from restinstance.

from restinstance.

Python version 3.8 shouldn't be a problem. I have Python 3.8 as well in my local machine and it installs it just fine. Can you try installing with --no-cache-dir or --force-reinstall or even just by uninstalling it and then installing it again?

from restinstance.

from restinstance.

Do you have Robot Framework installed and in PATH? Can you also try python3 -m robot or python3 -m robot.robot? Upgrading RESTinstance shouldn't affect your robot installation in any way.

from restinstance.

from restinstance.

from restinstance.

Actually python3 is not a command for Windows. It's just python. Sorry for the confusion!

It looks like from you pip install that Robot Framework is installed under c:\python38\lib\site-packages. I haven't used Windows for work purposes in a few years so I'm not actually sure if it will place the executable in C:\python38\scripts or not (e.g. Scripts vs scripts, don't know if it's case sensitive). I would double check that the PATH is set correctly and that Robot Framework is in PATH.

from restinstance.

This issue is stale because it has been open for 30 days with no activity.

from restinstance.

This issue was closed because it has been inactive for 14 days since being marked as stale.

from restinstance.