Highlighted
Trusted Contributor.
Trusted Contributor.
5754 views

Capture Access Token to Parameter

Jump to solution

I am working on a web page that is sending an access token similar to that used by Facebook. I'm a novice and haven't come across a post addressing how to capture the token and could use a little help. I need to capture the token generated during authenticate an place it in a parameter. I will then need to pass the token in the web header when requesting additional pages. The content type is json and looks as such:

{
"access_token": "<NOT REAL TOKEN>-psc5keQaMWlO8WyVAzS7L6hMEGckW_5UL7X09xW3xpXV6ICRx1Qtx7s3rPwIzavAI4oykCJod_iJOlB-XtrzazH0fRfrxHGNgmpl2W-PHRgH349dKt_K9vkMg8C-hAbKZf6i5sB9mkgngAn1PDI-gYsRMosb7smYe9PfZLYDd5_9a6f5Q3_-AsFiEf1QXfDwXXJEj62tORRE_IQBNZDn1kfKrHV",
"token_type": "bearer",
"expires_in": 86399
}

Any help is appreciated

0 Likes
1 Solution

Accepted Solutions
Highlighted
Super Contributor.
Super Contributor.

Re: Capture Access Token to Parameter

Jump to solution

Hi Ka33nan33,

you have to place the "web_reg_save_param_ex"-statements before transaction

web_submit_data("authenticate",
		"Action=http://cariboudevapi.dssinc.com/CaribouCLCSuiteAPI/api/authenticate",
...

The tokens you need are located in the server-response of this request.

After transaction "authenticate" you can add the header with captured tokens.

Regards, Christoph

View solution in original post

0 Likes
7 Replies
Highlighted
Super Contributor.
Super Contributor.

Re: Capture Access Token to Parameter

Jump to solution

Hi Ka33nan33,

1st, you can save the parameters from the server response (snapshot t105) with the following code before executing login:

	web_reg_save_param_ex(
		"ParamName=txtAccessToken", 
		"LB/IC=\"access_token\":\"",
		"RB/IC=\"",
		SEARCH_FILTERS,
			"Scope=headers",
		LAST);

	web_reg_save_param_ex(
		"ParamName=txtTokenType", 
		"LB/IC=\"token_type\":\"",
		"RB/IC=\"",
		SEARCH_FILTERS,
			"Scope=headers",
		LAST);

After login, you can change the request headers by adding the token as followed:

web_add_header("Authorization","{txtTokenType} {txtAccessToken}");

I hope this works in your environment.

Regards, Christoph

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: Capture Access Token to Parameter

Jump to solution

I'm still getting a 401  error. Also the parameters did not find the string. I added a web_set_max to allow for a larger string return and still nothing found. Searched the body and still nothing found. Any idea what's happening? 

0 Likes
Highlighted
Super Contributor.
Super Contributor.

Re: Capture Access Token to Parameter

Jump to solution

Hi Ka33nan33,

you have to place the "web_reg_save_param_ex"-statements before transaction

web_submit_data("authenticate",
		"Action=http://cariboudevapi.dssinc.com/CaribouCLCSuiteAPI/api/authenticate",
...

The tokens you need are located in the server-response of this request.

After transaction "authenticate" you can add the header with captured tokens.

Regards, Christoph

View solution in original post

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: Capture Access Token to Parameter

Jump to solution

I had to make some minor adjustments but you were absolutely correct. Problem Solved. You're Awesome.

Thank you!

0 Likes
Highlighted
New Member..
New Member..

Re: Capture Access Token to Parameter

Jump to solution

i am able to capture the access_token but due to security policies in my project, I need to refresh the access token every 2 minutes and pass through the script.

can anyone put some light on how to handle this?

0 Likes
Highlighted
Regular Contributor.
Regular Contributor.

Capture Bearer Access Token and use it later as header

Jump to solution

hi,

I am working on a web page that is sending an access token which gets refreshed every 30mins. I need to capture the token generated during authenticate and then pass the token in the web header later. I have doen the below correlation from the reponse body of web_url.

web_reg_save_param_ex(
        "ParamName=BearerToken",
        "LB=Bearer ",
        "RB=ExpireTime",
        SEARCH_FILTERS,
        "Scope=Body",
        LAST);
    

     web_url("GetBearerTokenValue", 
        "URL=xxxxx/GetBearerTokenValue?_=1529906343018", 
        "Resource=0", 
        "RecContentType=text/html", 
        "Referer=xxxxxxxx", 
        "Snapshot=t45.inf", 
        "Mode=HTTP", 
        LAST);
         
     lr_save_string(lr_eval_string("{BearerToken}"),"BearerToken1");

and in the later scripts i am adding header like this,

web_add_auto_header("Authorization","Bearer {BearerToken1}");

the above line throws the below warning when i rpelay the script,

Warning -26593: The header being added may cause unpredictable results when applied to all ensuing URLs. It is added anyway   [MsgId: MWAR-26593]

Also this number - 1529906343018 which is passed in the url, is the one which keeps changing after 30mins and it nowhere occurs in the response and is found only in the header of this particular request alone.

is my approach right?

how to rectify this?. what went wrong? is it ok to get warning in the web script. will it fail when i run in a load test.

Could someone please help on this?

 


         
     

0 Likes
Highlighted
Visitor.

Re: Capture Access Token to Parameter

Jump to solution

I am seeing this in VUGen-

The header being added may cause unpredictable results when applied to all ensuing URLs. It is added anyway

 

What was your solution? You said you made minor changes and it worked?

"I had to make some minor adjustments but you were absolutely correct."

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.