A customer has asked me to load test their Drupal application, which is using Auth0 as their single sign-on solution and is connected to a Drupal callback that’s using OpenID Connect. I’ve worked with other OpenID/OAuth2 setups, and typically the login forms are static forms that contain the necessary credentials, nonces, etc. that allow a tool like JMeter to extract those bits and pass them on to the next request. However, Auth0’s hosted login form is all JavaScript, so it does not render in a tool like JMeter or Postman. The problem I am having is that there doesn’t appear to be a way for me to automate a user logging in at Auth0 and redirecting back to the site with the correct “code” and “state” parameters, since those parameters appear to be dynamic.
Is there a Postman request I can make to Auth0’s API where I can send in the client_id, client_secret, username, password, id_token, etc., and get back the “code” and “state” values needed for the Drupal callback?
Example:
Drupal Callback URL: https://example.com/openid-connect/generic?code=mDzaUSfwY-tRc1n5&state=oBZCH1GGOWcZqVS0f5je_fZtZjxvbrLNvozhLh9CdOc
Where “code” and “state” appear to be dynamic and required/validated values.
Any ideas?