How to handle authentication flows?

[thim81]

Ideally we would need the pm.sendRequest would be awesome to have.

As currently we have to call an external authenitcation provider (like AWS cognito, Auth0, ...) to get user credentials before I can make any other calls, and having a pm.sendRequest in the pre-script to get the tokens would be awesome.

Currently I'm looking into creating a bespoke implementation that could fix this, but it does seem to break the workflow using postman-to-k6.

[thim81]

The pre-request scripts are supported in postman-to-k6, but the "pm.sendRequest" function would be more difficult, since this concept does not really exist in the K6 concepts.

As a work-around I do it like so:

1. Create a seperate NodeJs script or bash script
2. In the NodeJS script, it generates a Postman Environment file as result, with the necessary tokens
3. Convert Postman to K6 with the generated Postman environment file
4. Run generated K6 script

A simplified example of a packages.json contains the steps mentioned:

{
  "name": "api-k6",
  "version": "1.0.0",
  "description": "API - K6 testing suite",
  "scripts": {
    "generate:k6:api:oauth:token": "node api.pipeline.env.js",
    "generate:k6:api:pipeline": "postman-to-k6 api.postman.json --output  k6-script.js --environment api.pipeline.env.json ",
    "test:k6:api": "k6 run k6-script.js",
    "generate:k6:report": "node utils/generateReport.js"
  },
  "dependencies": {
    "@apideck/postman-to-k6": "^1.8.3",
    "axios": "^0.24.0",
    "dotenv": "^9.0.2",
    "k6-html-reporter": "^1.0.5",
    "k6-to-junit": "^1.0.3"
  }
}

Example of the api.pipeline.env.js script that generates the Postmen environment (using an Oauth flow), which uses ENVIRONMENT variables to pass along authentication parameters:

const fs = require('fs');
const path = require('path');
const request = require('axios');
const dotenv = require('dotenv');
dotenv.config({path: __dirname + '/.env'});

if (!process.env.OAUTH_ACCESS_TOKEN_URL) {
    console.log('No ENV variables or .env file found.')
    process.exit(1)
}

const currentTime = new Date().getTime();

const requestOptions = {
    url: process.env.OAUTH_ACCESS_TOKEN_URL,
    method: 'POST',
    headers: {"Content-Type": "application/json"},
    data: JSON.stringify({
        "client_id": process.env.OAUTH_CLIENT_ID,
        "client_secret": process.env.OAUTH_CLIENT_SECRET,
        "audience": process.env.OAUTH_AUDIENCE,
        'account_id': process.env.OAUTH_ACCOUNT_ID,
        "grant_type": "client_credentials"
    })
};

request(requestOptions)
    .then(function (res) {
        const resBody = res.data
        let postmanEnv = {
            "id": "7796f73b-b0d8-4b1a-98c8-9951304740b8",
            "name": "api-PIPELINE",
            "values": [
                {
                    "key": "baseUrl",
                    "value": process.env.BASEURL,
                    "enabled": true
                },
                {
                    "key": "oauth_access_token",
                    "value": resBody.access_token,
                    "enabled": true
                },
                {
                    "key": "oauth_access_token_expires",
                    "value": resBody.expires_in,
                    "enabled": true
                },
                {
                    "key": "oauth_access_token_url",
                    "value": process.env.OAUTH_ACCESS_TOKEN_URL,
                    "enabled": true
                },
                {
                    "key": "oauth_grant_type",
                    "value": "client_credentials",
                    "enabled": true
                },
                {
                    "key": "oauth_client_id",
                    "value": process.env.OAUTH_CLIENT_ID,
                    "enabled": true
                },
                {
                    "key": "oauth_client_secret",
                    "value": process.env.OAUTH_CLIENT_SECRET,
                    "enabled": true
                },
                {
                    "key": "oauth_audience",
                    "value": "https://audience.example",
                    "enabled": true
                },
                {
                    "key": "oauth_account_id",
                    "value": process.env.OAUTH_ACCOUNT_ID,
                    "enabled": true
                },
                {
                    "key": "oauth_base_url",
                    "value": process.env.OAUTH_BASE_URL,
                    "enabled": true
                }
            ]
        };

        let postmanEnvOutput = JSON.stringify(postmanEnv, null, 2);
        let currentFile = path.basename(__filename);
        let postmanEnvFile = currentFile.substring(0, currentFile.length - 3);
        fs.writeFileSync(__dirname + '/' + postmanEnvFile + '.json', postmanEnvOutput, 'utf8');

        console.log('Auth0 access token updated');
    })
    .catch(function (err) {
        // handle error
        console.log(`POST ${process.env.OAUTH_ACCESS_TOKEN_URL} failure`, err.message)
        process.exit(1)
    })

Your .env file could like this:

NODE_ENV=pipeline
BASEURL=https://localhost/api
OAUTH_BASE_URL=https://yourname.auth0.com
OAUTH_ACCESS_TOKEN_URL=https://yourname.eu.auth0.com/oauth/token
OAUTH_CLIENT_ID=___INSERT_HERE_YOUR_AUTH0_CLIENT_ID___
OAUTH_CLIENT_SECRET=___INSERT_HERE_YOUR_AUTH0_CLIENT_SECRET___
OAUTH_AUDIENCE=___INSERT_HERE_YOUR_AUTH0_AUDIENCE___
OAUTH_ACCOUNT_ID=___INSERT_HERE_YOUR_AUTH0_ACCOUNT_ID___
OAUTH_TOKEN_URL=https://yourname.eu.auth0.com

so locally or in my CI/CD I use the following sequence:

npm run generate:k6:api:oauth:token && npm run generate:k6:api:pipeline
npm run test:k6:api