
Testing Authenticated User Scenarios With OAuth

A typical web application would involve users logging in to the application and interacting with the application as an authenticated user. A very common approach used for enabling such authenticated flows is using external OAuth providers such as Firebase or Cognito for authenticating the user and managing the user information.


TestChimp makes testing such scenarios extremely easy with features such as built-in templates for common external auth providers and auto-suggested variables for auth token handling. The following guide walks through a typical test setup for such a scenario.


Prerequisite: Integrate your application with TestChimp


Step 1. Run the test scenario manually in your application.


TestChimp SDKs will capture the interactions happening across all layers of your system and create a full-stack recording, which you can later retrieve via the Sessions tab in the TestChimp platform.


Step 2. Create Test from the Recorded Session


Click on the “Open in Test Studio” link in actions for that session.




Step 3. Add a sign in step to the test


Click on the Plus button on the first step. Select “External”, then select the corresponding built-in template if you are using Firebase or Cognito. If you aren’t, select Custom Url… and enter your OAuth provider’s endpoint. The rest of the steps assume you use Firebase, but the same approach should work with any OAuth provider.




Step 4. Fill details of the request for the sign in step


The template has placeholders for the expected fields. In the case of Firebase, you need to fill in the API_KEY in the Query Params tab (this value can be found by logging in to your Firebase account). In the body tab of the request, fill in the email and password of the test account.




Step 5. Generate Request and Send


Click on Generate Request (which will generate the test request to send to the OAuth endpoint), then Send. 




TestChimp identifies that the returned response contains an id token that can be used in the next steps to authorize requests. Clicking “Ok” on the assist popup will create a variable (named __idToken) storing the auth token received, and update all subsequent steps that have Authorization headers to use the newly created variable in the header generator (as a Bearer token).


And that’s it! Now, every time the test case is executed, the sign-in step will fetch the auth token and the subsequent requests will use the newly fetched token in their auth headers, successfully authenticating each request and enabling testing of the authenticated endpoints.


What if your authentication flow uses custom authentication headers?


The above auto-identification works with standard providers like Firebase. However, if your system uses custom authentication headers, such as storing the received token in a custom cookie and then sending it in subsequent requests, you can use variables in TestChimp to test the authenticated flow. The following explains the steps:


Step 1. Identify the Authentication Token field in the auth step

Say your authentication step returns a token in the body of the response that should be used in the subsequent steps. Click on the action menu on that field, and click "Set as variable" like below:



Enter a name for the variable in the variable store drawer that opens.



Step 2. Use the variable in the subsequent steps as needed

Say your subsequent API requests expect the token to be passed in a header field called Auth-Token. Use the variable defined above like below:



And you are good to go. Now, during each run of your test, when the authentication step is executed, the variable will be extracted from the response body, and in the subsequent steps the variable value will be sent as the Auth-Token header, which will authenticate the API call.
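
The two flows above (Bearer token and custom Auth-Token header), sketched as an added example that is not TestChimp's own code. It assumes the Firebase template targets Firebase's public signInWithPassword REST endpoint; the helper names, environment variable names, sample response and recorded step are constructed for illustration.

```python
import json
import os
from urllib.parse import urlencode

# Firebase Auth REST endpoint for email/password sign-in (assumed template target).
SIGN_IN_URL = "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword"

def build_sign_in_request(api_key, email, password):
    """Step 4: API key in the query params, test-account credentials in the body."""
    body = {"email": email, "password": password, "returnSecureToken": True}
    return {"method": "POST", "url": f"{SIGN_IN_URL}?{urlencode({'key': api_key})}",
            "headers": {"Content-Type": "application/json"}, "body": json.dumps(body)}

def extract_variable(response_body, field_path):
    """'Set as variable': read one token field from the JSON response by dotted path."""
    node = json.loads(response_body)
    for key in field_path.split("."):
        if not isinstance(node, dict) or key not in node:
            raise KeyError(f"{field_path} missing from auth response")
        node = node[key]
    if not isinstance(node, str) or not node:
        raise ValueError(f"{field_path} is not a non-empty string")
    return node

def apply_auth(step, variables, header="Authorization", template="Bearer {__idToken}"):
    """Regenerate one auth header on a recorded step, dropping the recorded value."""
    headers = {k: v for k, v in step["headers"].items() if k.lower() != header.lower()}
    headers[header] = template.format(**variables)
    return {**step, "headers": headers}

def run_demo():
    # Secrets come from the environment; the defaults are placeholders, not real values.
    request = build_sign_in_request(os.environ.get("FIREBASE_API_KEY", "API_KEY_PLACEHOLDER"),
                                    os.environ.get("TEST_EMAIL", "tester@example.test"),
                                    os.environ.get("TEST_PASSWORD", "PASSWORD_PLACEHOLDER"))
    # Constructed sign-in response (not captured from a real provider).
    response = json.dumps({"idToken": "constructed.id.token", "expiresIn": "3600"})
    variables = {"__idToken": extract_variable(response, "idToken")}
    # Constructed recorded step that still carries the token from recording time.
    recorded = {"method": "GET", "url": "https://app.example.test/api/profile",
                "headers": {"authorization": "Bearer token.from.recording"}}
    bearer = apply_auth(recorded, variables)
    custom = apply_auth({**recorded, "headers": {}}, variables,
                        header="Auth-Token", template="{__idToken}")
    return request, bearer, custom

if __name__ == "__main__":
    for item in run_demo():
        print(item["method"], item["url"].split("?")[0], sorted(item["headers"]))
```

The summary line prints only header names and the URL without its query string, so neither the API key nor the token ends up in test output.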
