Auth0 Home Blog Docs

Performance testing using JMeter script on an OAuth 2.0 Secure Web Application

authentication

#1

I’m trying to run a basic performance test using JMeter script on an OAuth 2.0 Secure Web Application. I am having trouble getting pass authentication, particularly the /login/callback request even though I already passed in the expected parameters (wa, wresult, wctx).

According to https://www.blazemeter.com/blog/how-run-performance-tests-oauth-secured-apps-jmeter (In Option 3: OAuth 2.0 section), I’ll need to get an OAuth2Token and set it to my Header Manager. Can you confirm that it is true and where can I get the OAuth2Token?


#2

A couple of things to note here, the parameters you mentioned wa, wresult and wctx are associated with WS-Federation and not exactly OAuth2.

In addition something like that will, in general, highly depends on the client application itself. For example, after the initial authentication dance following a specific protocol the application can decide to create a local session and that means subsequent request are validated according to local session and not with any tokens issued as part of the protocol.

In conclusion, the suggestion in the linked blog post will only apply if the application authorizes each request solely based on a token issued by an OAuth2 transaction. Given this is specific to a given tool (JMeter) I would also suggest you to consider more general Q&A forums like StackOverflow where you may reach an audience with much more knowledge on that tool.


#3