How to do a OAuth 2.0 authentication in JMeter?

Question

I'm trying to Functional test a few APIs that need to be authenticated (OAuth 2.0) and simulate this in JMeter.

I'm trying to authenticate the OAuth service for Azure cloud. Has anyone out there been able to successfully create JMeter HTTP requests to authenticate against OAuth 2.0?

Answer 1

Basically you need to add HTTP Header Manager to send Authorization header with the value of Bearer ${ACCESS_TOKEN} in order to make authenticated OAuth API calls.

Access token can be obtained in 2 major ways:

1. Get it somehow (ask for it, capture it using sniffer tool and application which you need to simulate, etc), but be aware that OAuth access tokens have limited life span (1 hour by default, this applies to point 2 as well)

2. Implement OAuth2 flow in your test, i.e. :

   • Authenticate (providing Client ID and Tenant ID)
   • Authorise (using Client ID and the code from the previous step)
   • Get Access token (providing Authorization code from previous step, code from first step, and Client ID

In regards to implementing option 2 - it will require 3 separate JMeter samplers (or alternatively you can get the access token programmatically via JSR223 Sampler)

References:

• Microsoft Azure REST API + OAuth 2.0
• AzureAD/azure-activedirectory-library-for-java
• How to Run Performance Tests on OAuth Secured Apps with JMeter