oauth-2.0karateapigee

In Karate framework, How to retrieve APIGEE token generated out of SHA256 encrypted libraries?


In my current application under test using Karate framework, I came across TWO APIs - Token and Extended, which provides the APIGEE token value to access backend services.

API-1: Token API

Input payload (form-data) -

grant-type: authorization_code
code: *8-digit-characters*
redirect_uri: https://../oauth-code-callback
code-verifier:*28-digit-characters*
client_id: *Unique-Client-Key*

Response - {"access-token":"..."}

API-2: Extended API

Input payload (JSON) - {"access-token":"..."}

Response - "APIGEE_Token"

Looking at the input payload in API-1, code and code-verifier are SHA-256 encrypted values generated using typescript. Now, in order to generate the final APIGEE token, I need to generate code and code-verifier values using the same typescript libraries in Karate. Is there any possibility as such? Else, please suggest if there is any alternative approach for my requirement. Thanks in advance!


Solution

  • First, I suggest you check if the tokens can be generated using some standard algorithm, in that case you can re-write them in Java or JS. Examples here: https://stackoverflow.com/search?q=%5Bkarate%5D+jwt

    Else here are 2 extra creative solutions:

    1. Karate uses the Graal JS engine, so if you can get the pure-JS equivalent of the routine you need, it may be possible to load it into Karate by reading the .js file. For example read() (or karate.read()) can return a JS function, which you can then invoke within your test flow.

    2. If you have node / npm installed, you can write a command-line program that takes command-line args and returns the data you need. Note that you can even return JSON and use karate.fromString() to parse it. Karate happens to have very good support for OS command-line execution, refer: https://stackoverflow.com/a/62911366/143475 and a similar idea is described here: https://stackoverflow.com/a/51150286/143475

    3. Finally, it may well be worth it to ask your dev-team to stand-up a small REST service that returns these tokens for you in your pre-prod environment. And the moment you have a REST option, guess what Karate is really good at :) The REST is up to you.