Forum Discussion

testlabauto's avatar
testlabauto
New Contributor
4 years ago

Why can't I use property expansions in Auth Repository? Is there a workaround?

I was hoping to use hardcoded OAuth tokens in my project, but protect them somehow so they aren't clear text in source control.  I was hoping I could use Custom Project Properties that were read from a file that was ignored by source control.  This doesn't appear to work.  Property expansions don't appear to work here.  Does anyone know a way to do this?

 

  • Hi testlabauto ,

    Instead of using Auth manager, you can pass the token in the header of the request, if you are using JWT token you can follow the steps given in the image. Initially, I also tried to find the solution to this and resorted to this

    For token generation I have created a suite and every time i run my suites it executes first and with the help of  property transfer token is transferred to all the requests.

     

    Give Kudos or Accept it as a Solution, If my reply answers your question.

     

  • richie's avatar
    richie
    Community Hero

    Hey testlabauto 

     

     

    No one's come back to answer this yet and I was intrigued by your post as it seems a little weird that you can't use property expansions in the Auth Manager editable field.  I can't answer this I'm hoping that perhaps the SmartBear support Staff might comment (occasionally they do which can help a lot).

     

    However - I just wanted to emphasise some points in case this helps.  You can encrypt the whole project or custom project level properties.

     

    I've always steered clear of the Auth Manager before now.  I load in all my variables via a properties file before I start execution.  My properties file contains static values like environment specific URIs, ip addresses, etc. and placeholders for dynamic values - GUIDS, token values, etc. I generate my dynamic property values by querying the environment by executing steps within a disabled setup testsuite (the first testsuite in my project) when the execution starts.  All these values are loaded into custom project level properties - this means I can encrypt my tokens, usernames, passwords - cos you can either encrypt the whole project or specific custom project level properties.

     

    I did a bit of reading and git does support encrypting passwords, but only if they're in separate files.  You can encrypt readyapi! preferences via the C:\Users\<your-user-name>\.readyapi\readyapi‑settings.xml. file.  You could create some Global Properties in here which would contain all your OAuth Tokens in here.  This is a separate file to the project file (and I'm assuming still remains separate when you unflatten the project file to composite option), so it also means you wouldn't necessarily keep adding it to your push if it doesn't change often.

     

    Anyway - sorry  i can't help with the Auth Manager - I looked at it about 2 years ago and was advised by one of the experts on here to use loading in custom project level properties file instead and I've gone with that ever since, but perhaps either that or the readyapi-settings.xml file option might help?

     

    Other than that - perhaps the SmartBear staff might chime in on this - I'd like to see what they say as I wouldn't mind giving the Auth Manager another shot now the functionality is a little more mature than what it was 2 years ago.

     

    Cheers,

     

    rich

     

    Ta

     

     

    • testlabauto's avatar
      testlabauto
      New Contributor

      Hi Rich,

       

      Thanks for your post.  I am definitely receptive to skipping Auth Manager and using Project variables, for instance, that map to a file and/or are encrypted.  However, I also haven't been able to get Property Expansions working for the auth fields on individual requests:

      I wonder if Groovy would work to set these?  Seems like a headache, though.

       

      Thanks,

      Chris

  • RJ's avatar
    RJ
    New Contributor

    Hi testlabauto ,

    Instead of using Auth manager, you can pass the token in the header of the request, if you are using JWT token you can follow the steps given in the image. Initially, I also tried to find the solution to this and resorted to this

    For token generation I have created a suite and every time i run my suites it executes first and with the help of  property transfer token is transferred to all the requests.

     

    Give Kudos or Accept it as a Solution, If my reply answers your question.