Comments (27)
@asyrjasalo My company requires a valid OAuth2 session to access our web APIs. We currently use the RF ExtendedRequestsLibrary (link below) so that the session cookies can be passed to each request after authentication.
However, the library hasn't been maintained in over 2 years and I really like the improvements/advances your library has made in API testing with RF (schemas). And so switching to RestInstance at some point would be ideal if the library supports OAuth2 sessions.
I think authenticated sessions for API level testing is a requirement for Test Engineers working in Banking/Medical software. Or any software testing that deals with sensitive data accessed via an API.
https://github.com/rickypc/robotframework-extendedrequestslibrary
from restinstance.
I believe I'm not directly answering the question here, but I'm working in an environment that has to get an authentication token from a server that requires authentication. What works for my project was merged with #113 and my workflow is the following:
- Import library with
Library REST <endpoint> ssl_verify=False
- Get certificate file from server without authentication
- Authenticate (i.e. get auth token)
- Use
Set SSL Verify
(merged with the PR) to set the SSL verification to the retrieved cert file instead ofFalse
- Use
headers={"Cookie": "authtoken=${AUTH_TOKEN}"}
in my followingPost
keyword(s). This could be set withSet Headers
keyword as well to set the headers for the whole suite, but my test doesn't require that as it continues using other services
I hope this helps someone, but I agree that proper session support would be nice.
from restinstance.
Thanks for asking this! I am leaving this open, in case we get some discussion on this.
To everyone: Do you have an use case in mind, regarding API testing, where sessions would be beneficial or provide additional value?
Edit: @niecore likely means sessions as they are provided by Robot Framework RequestsLibrary (https://bulkan.github.io/robotframework-requests/#Create%20Session, which uses Python requests' sessions underneath) - correct me if I am wrong.
from restinstance.
+1 to the previous post.
We also need OAuth2 token to be passed with every request to API in our API tests. Would be nice to have that supported.
from restinstance.
Most of resources need to request such as login first, then could test the other resources, if can support session it will be easy to write tests.
from restinstance.
We are currently looking into creating automated tests for our software and currently we don't really have support for authentication headers such as OAuth2 or Basic Authentication. Therefore we are limited to the use of authentication cookies. We have working tests with the HTTP library (Requests), but I really would like to use this REST library...
And yes, this is also a medical application that doesn't support anonymous users....
from restinstance.
Hello,
So any traction on this or just still leaving it open? There does seem to be some interest in supporting Sessions but would it be a difficult task? Or finishing the examples/documentation as to how to handle Headers and authentication?
Thanks for your effort.
from restinstance.
+1 for OAuth support. As I mentioned in another issue of this repo (at least for the browser based flows of) OAuth the support of application/x-www-form-urlencoded request headers is required.
from restinstance.
How would this work? I don't think I am too familiar with the topic.
Would any of you mind providing a high-level proof-of-concept how this would be used in a test suite. The example does not have to be complete.
Thanks for all the comments.
from restinstance.
Alas, no high-level proof of concept. But I still would like to be able getting an OAuth token via the RESTinstance lib. Our company keeps the same token alive for a limited period of time in the test environment. So it is possible to use the token in a subsequent get request without having to open a session.
from restinstance.
Hi Aleksi,
Thanks for your reply. I might perhaps fail to understand your solution but it seems to me that my problem lies in: get certificate file and authenticate. That is something that works quite well with Postman. But when I try to emulate this in an RF script like below, I get an unauthorized error. The server fails to account for the content-type of he request. There seems to be no way for the REST command to let the server know that the request body is not json.
Get OAuth Token REST
[Arguments] ${url} ${client} ${secret}
Set Headers {"Content-Type" : "application/x-www-form-urlencoded"}
&{body} Create Dictionary client_id=${client}
... client_secret=${secret}
... grant_type=client_credentials
${resp} Post https://${url} body=${body}
Log To Console Token=${resp}
from restinstance.
Hi @etienneroijen,
The body
argument only supports JSON. RESTInstance 1.1.0 introduced data
(same as --data
in curl
) argument which supports other data formats. Could you try using that instead of body
?
EDIT: As an example, it can be used just like any other argument in Robot Framework. E.g.
Get Certificate
[Arguments] ${endpoint} ${client_name}
# First create a binary file with ${client_name}, which then produces a file called ${client_name}.csr
# ...
Post ${endpoint} data=${client_name}.csr headers={"Content-Type": "application/pkcs10"}
${cert}= Output response body
[Return] ${cert}
from restinstance.
from restinstance.
Oh, you're absolutely right! It doesn't mention the data argument. We'll release new documentation soon! Sorry for that.
It should work with a dictionary, bytes, or file. If it doesn't I need to take another look at the implementation.
from restinstance.
from restinstance.
from restinstance.
from restinstance.
Yes, 1.1.0 was released a month ago as you can see from PyPI.
from restinstance.
from restinstance.
Python version 3.8 shouldn't be a problem. I have Python 3.8 as well in my local machine and it installs it just fine. Can you try installing with --no-cache-dir
or --force-reinstall
or even just by uninstalling it and then installing it again?
from restinstance.
from restinstance.
Do you have Robot Framework installed and in PATH? Can you also try python3 -m robot
or python3 -m robot.robot
? Upgrading RESTinstance shouldn't affect your robot installation in any way.
from restinstance.
from restinstance.
from restinstance.
Actually python3
is not a command for Windows. It's just python
. Sorry for the confusion!
It looks like from you pip install that Robot Framework is installed under c:\python38\lib\site-packages
. I haven't used Windows for work purposes in a few years so I'm not actually sure if it will place the executable in C:\python38\scripts
or not (e.g. Scripts
vs scripts
, don't know if it's case sensitive). I would double check that the PATH is set correctly and that Robot Framework is in PATH.
from restinstance.
This issue is stale because it has been open for 30 days with no activity.
from restinstance.
This issue was closed because it has been inactive for 14 days since being marked as stale.
from restinstance.
Related Issues (20)
- How to use OpenApiSpecification yaml HOT 6
- RESTinstance 1.2.0: Headers are not "set", only "updated" HOT 8
- Restore sdists on pypi HOT 3
- How to validate specific http header from the response? HOT 3
- When I upgrade RESTinstance 1.0.2 to 1.3.0 , Robot command is unrecognized HOT 3
- Add possibility to remove headers HOT 2
- Headers are kept between tests HOT 8
- Missing question mark in URL HOT 2
- Does POST keyword support serialized json string as 'body' or 'data' ? HOT 2
- Expect Response Body for type Array HOT 2
- Could not install packages due to an OSError: [WinError 87] The parameter is incorrect HOT 1
- Set Client Cert cannot accept string as list HOT 2
- Optimize dependencies HOT 2
- Remove empty Content-type Header from GET Request HOT 2
- Unit tests fail on Windows HOT 2
- Github actions fail because ubuntu-latest does not have Python 3.6 HOT 2
- Set log level also part of RF Builtin HOT 4
- RESTinstance can't import file xlsx ? HOT 2
- Unable to handle upload documents HOT 2
- Unable to upload JSON body i GET request HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from restinstance.