Forum Discussion

CD-Sogeti
Regular Visitor
7 years ago

Getting Authorization code using private key JWT as client authentication.

We are implementing UK open banking and authenticating client using JWS Client Assertion using a private key JWT.

 

A POST request to the authorisation endpoint is sent with the signed JWT in the body. It is then redirected to user authentication (username and password). An authorization code is received, which then needs to be exchanged for an access token.

Not able to achieve this using OAuth2 in SoapUI as there is no option to use a signed JWT (in body).

 

Also, is it possible to get the access token in two steps?
1. Get the authorization code by sending the signed JWT in the body
2. Exchange the authorization code for an access token

  • What works for us is we have a JWT in a header. So in our environment we add a custom property CPjsonWebToken and give it the value, such as a base58 string.

     

    Then in each test step in the request editor you add the header using the "Headers" tab

     

    Header                                   Value

    Authorization:                       ${#Project#CPjsonWebToken}

     

    We get what we call a request ID back. We feed the request ID into another request step in JSON form.

     

    We do this by using a groovy script to pull out the response - where we get the request ID. Then feed that request ID back into the next test step (which I call xyz432 retrieve).

     

    import static groovy.json.JsonOutput.toJson;
    import groovy.json.JsonSlurper
    import groovy.json.JsonBuilder
    
    def json = new JsonBuilder()
    def someID = context.expand('${#Project#CPsomeID}').toString()
    
    // name of just ran previous test step
    def previousTestStep = testRunner.getTestCase().getTestStepByName("xyz432 request")
    String propertySpec = '${' + previousTestStep.name + '#Response}'
    def response = context.expand(propertySpec)
    def jsonSlurper = new JsonSlurper().parseText(response)
    String erdesc = new String(jsonSlurper.errorDesc)
    
    // Proceed only when the response reports success
    // (startsWith avoids an exception when errorDesc is shorter than 7 characters)
    if (erdesc.startsWith("Success"))
    {
        def requestID = jsonSlurper.requestID
    
        log.info "requestID is " + requestID
    
        // form json from requestID and P7B
        def root = json someID : someID,
                        referenceRequestID : requestID
    
        // name of next test step
        def restRequest = testRunner.testCase.getTestStepByName("xyz432 retrieve");
    
        // Set the json for the test step request
        restRequest.setPropertyValue('Request', json.toString())
    }
    // ***

    So we have a test request step, a groovy script step to grab the request ID, and a second test request step that has its json populated by the groovy test step.

     

    In your case you can get the authorization code from the first test step request's response by using a groovy script test step in the same test case.

    Then your next test step uses that json, which now has the authorization code. Your groovy script step creates the json required for your second request step - "Exchange authorization code with access token"

     

    I hope this helps.
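
Added example, not part of the thread: for step 2 of the question (exchanging the authorization code), a Groovy script step can build the signed client assertion itself and put it in the token request body, following the `private_key_jwt` form of RFC 7523. The client ID, URLs, `RS256` algorithm, throwaway key and the `tokenRequestBody` property name are assumptions made for illustration.

```groovy
// Added example (not from the thread): private_key_jwt client assertion (RFC 7523).
import groovy.json.JsonOutput
import java.security.KeyPairGenerator
import java.security.Signature

// Constructed placeholder values (assumptions); substitute the ones issued to your client.
String clientId      = 'example-client-id'
String tokenEndpoint = 'https://as.example.test/token'
String redirectUri   = 'https://tpp.example.test/callback'
String authCode      = 'code-from-previous-step'   // extracted by an earlier script step

// Throwaway key so the script runs offline; in practice load the private key
// whose public half is registered with the authorization server.
def kpg = KeyPairGenerator.getInstance('RSA')
kpg.initialize(2048)
def keyPair = kpg.generateKeyPair()

def b64url = { byte[] b -> Base64.getUrlEncoder().withoutPadding().encodeToString(b) }
def sha256rsa = { Signature.getInstance('SHA256withRSA') }
long now = System.currentTimeMillis().intdiv(1000)
def header = [alg: 'RS256', typ: 'JWT']   // assumption: use the alg your server requires
def claims = [iss: clientId, sub: clientId,       // issuer and subject are the client_id
              aud: tokenEndpoint,                  // audience is the authorization server
              jti: UUID.randomUUID().toString(),   // unique per assertion (replay protection)
              iat: now, exp: now + 300]            // short lifetime, in seconds

String signingInput = [header, claims].collect {
    b64url(JsonOutput.toJson(it).getBytes('UTF-8'))
}.join('.')
def signer = sha256rsa()
signer.initSign(keyPair.getPrivate())
signer.update(signingInput.getBytes('US-ASCII'))
byte[] signature = signer.sign()
String clientAssertion = signingInput + '.' + b64url(signature)

// Self-check: the signature verifies under the matching public key.
def verifier = sha256rsa()
verifier.initVerify(keyPair.getPublic())
verifier.update(signingInput.getBytes('US-ASCII'))
assert verifier.verify(signature)

def params = [grant_type: 'authorization_code', code: authCode, redirect_uri: redirectUri,
              client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
              client_assertion: clientAssertion]
String body = params.collect { k, v -> k + '=' + URLEncoder.encode(v, 'UTF-8') }.join('&')
// Inside a SoapUI Groovy step, hand the body to the token request via a property.
if (binding.hasVariable('testRunner')) {
    testRunner.testCase.setPropertyValue('tokenRequestBody', body)
}
```

The token request step can then use `${#TestCase#tokenRequestBody}` as its body with media type `application/x-www-form-urlencoded`.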