Can't login with Postman/JMeter since /login form is javascript. Are there workarounds to get code and state response?

A customer has asked me to load test their Drupal application, which is using Auth0 as their single sign-on solution and connected to a Drupal callback that’s using OpenID Connect. I’ve worked with other OpenID/OAuth2 setups, and typically the login forms are static forms that contain the necessary credentials, nonces, etc that allow a tool like JMeter to extract those bits and pass it onto the next request. However, Auth0’s hosted login form is all Javascript, so it does not render in a tool like JMeter or Postman. The problem I am having is that there doesn’t appear to be a way for me to automate a user logging in at Auth0 and redirecting back to the site with the correct “code” and “state” parameters, since those parameters appear to be dynamic.

Is there a POSTMAN request I can make to Auth0’s API where I can send in the client_id, client_secret, username, password, id_token, etc, and get back the “code” and “state” values needed for the Drupal callback?

Example:

Drupal Callback URL: https://example.com/openid-connect/generic?code=mDzaUSfwY-tRc1n5&state=oBZCH1GGOWcZqVS0f5je_fZtZjxvbrLNvozhLh9CdOc

Where “code” and “state” appear to be dynamic and required/validated values.

Any ideas?

Hi @briantully ,

Welcome to the Community!

Have you read through our load testing docs? If you are load testing the Auth0 APIs you should fill out a request with our support team, and they will be able to help you with your implementation details.