API authentication - access token - QA automation

rmoen · May 14, 2024, 5:00am

I need to authenticate through api on my webdriverio test, automating the log in screen only works while the selectors stay the same, but theu routinely change.

How to I gain an access token I can store in the browser for the current automation session?

I have can get an access token from the (test application) using ‘client_credentials’ but in the main application ‘client_credentials’ can not be ticket as it seems to only be available through machine to machine type?

How can I skip the log in screen for my automations?

karamiller7890 · May 15, 2024, 8:38am

Obtain Access Token:

Since you mentioned that obtaining an access token using client_credentials works in the test application but not in the main application, it’s important to understand the authentication flow and the available options for obtaining tokens in each application.

For the test application: If client_credentials works, you can continue using this method to obtain an access token programmatically. Ensure that your WebDriverIO test script includes the necessary API calls to fetch the token and store it for the current session.
For the main application: If client_credentials is not suitable for user-based authentication, you’ll need to explore other authentication methods such as OAuth 2.0 authorization code grant (for web applications) or password grant (for test automation purposes). These methods involve user interaction but can provide an access token that can be stored and used in your WebDriverIO tests.

Store Access Token in Browser Session:

Once you have obtained the access token, you can store it in the browser session using WebDriverIO’s capabilities for managing cookies or local storage. For example, you can use the addCookie method to add a cookie containing the access token:

browser.addCookie({
    name: 'access_token',
    value: 'your_access_token_here',
    domain: 'your_domain.com',
    path: '/',
    secure: true, // Depending on your application's security requirements
    httpOnly: true // Depending on your application's security requirements
});

Alternatively, you can store the access token in local storage:

browser.execute(function(token) {
    localStorage.setItem('access_token', token);
}, 'your_access_token_here');

Skip Login Screen:
Once the access token is stored, you can skip the login screen by including logic in your test scripts to check for the presence of the access token. If the token exists, navigate directly to the desired page or perform actions without going through the login process again.

const accessToken = browser.execute(function() {
    return localStorage.getItem('access_token');
});

if (accessToken) {
    // Access token exists, skip login screen
    browser.url('https://your_domain.com/dashboard');
    // Perform actions on the dashboard or desired page
} else {
    // Access token not found, proceed with login
    // Your login automation logic here
}

By following these steps, you can automate the authentication process, obtain and store access tokens, and skip the login hpinstantink screen in your WebDriverIO tests based on the availability of the access token. Adjust the code snippets according to your specific authentication flow and application requirements.