
SoapUI & JWT

Quite often when I start using a new tool it takes me hours to get something working which seems to be trivial just to recognize that it IS actually trivial once I get the concept (that’s the moment where I feel like banging my head against a wall).

So it happened to me recently with SoapUI and JWT-based user authentication tracking.

And for the sake of your head (and the innocent wall) here is how to use JWTs in your SoapUI tests.

Scenario:

  • REST API Service with JSON response
  • User Authentication state tracking using JWTs (instead of sessions)
  • Login with username & password
  • Get JWT in response to successful login
  • Use the JWT received in subsequent calls (e.g. get user details)

So the testcase looks like this:

To make a long story short: the point I’ve missed is that you can use Properties in the request headers.

All you have to do is to extract the JWT from the (successful) login response and inject it into the header of the subsequent test step(s).

The response from my backend in test step “Login_User” looks like this:

{"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE0NzE1NTgzMDAsImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdCIsIm5iZiI6MTQ3MTU1ODMwMCwiZXhwIjoxNDcxNTYxOTAwLCJkYXRhIjp7IlVzZXJuYW1lIjoiVGVzdHVzZXIiLCJGaXJzdG5hbWUiOiJUZXN0IiwiTGFzdG5hbWUiOiJVc2VyIiwidXNlcklkIjoiOTZjYWExYjItYTI4ZC00NDBlLWEwMDMtNDE0MzEwNTcxYTdiIn19._Nd7K2AsXC2Zez4TytEtxpvS1HEUXP7k1Di4bPCjP3edG_2Gh-8zFgCKuioVullMrWzCDI12uoFmPXwoxINslg"}

Now we grab that token and store it in a property using a “Properties TestStep” (named “SaveToken” in my example):

(We transform the response from the “Login_User” test step, extract the value of the “token” tag and store it in the test case property “JWT”.)

And then inject it into an Authorization header of the “Get_User_Details” test step like this:

(Click on “Header” in the test step, then on the “+” sign, and put “Authorization” as the header name and “Bearer ${#JWT}” as the value.)

Voilà! That’s all. Happy testing!
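The same extract-and-inject flow outside SoapUI, as an added Python example that is not part of the original post: it takes the token from the “Login_User” response shown above, decodes its header and claims (the signature is not verified, since the test client holds no key) so a test can assert on them, and builds the header for “Get_User_Details”. The function names and the 3600-second lifetime limit are assumptions of this example.

```python
import base64
import json

# Login_User response body copied from the page (split only for line length).
LOGIN_RESPONSE = (
    '{"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.'
    'eyJpYXQiOjE0NzE1NTgzMDAsImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdCIsIm5iZiI6MTQ3MTU1ODMwMCwi'
    'ZXhwIjoxNDcxNTYxOTAwLCJkYXRhIjp7IlVzZXJuYW1lIjoiVGVzdHVzZXIiLCJGaXJzdG5hbWUiOiJUZXN0'
    'IiwiTGFzdG5hbWUiOiJVc2VyIiwidXNlcklkIjoiOTZjYWExYjItYTI4ZC00NDBlLWEwMDMtNDE0MzEwNTcx'
    'YTdiIn19.'
    '_Nd7K2AsXC2Zez4TytEtxpvS1HEUXP7k1Di4bPCjP3edG_2Gh-8zFgCKuioVullMrWzCDI12uoFmPXwoxINslg"}'
)

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def extract_token(response_body):
    """What the SaveToken step does: read the "token" value from the login JSON."""
    token = json.loads(response_body).get("token")
    if not isinstance(token, str) or token.count(".") != 2:
        raise ValueError("login response carries no compact JWT in 'token'")
    return token

def inspect_token(token):
    """Decode header and claims WITHOUT verifying the signature."""
    header_seg, payload_seg, _signature = token.split(".")
    return b64url_json(header_seg), b64url_json(payload_seg)

def check_claims(header, claims, now, max_lifetime=3600):
    """Test-side sanity checks (max_lifetime is an assumed limit); [] means OK."""
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token (alg=none)")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        problems.append("token not valid at this time")
    if claims.get("exp", 0) - claims.get("iat", 0) > max_lifetime:
        problems.append("lifetime exceeds limit")
    return problems

def auth_header(token):
    """Header injected into Get_User_Details."""
    return {"Authorization": "Bearer " + token}

if __name__ == "__main__":
    jwt = extract_token(LOGIN_RESPONSE)
    hdr, body = inspect_token(jwt)
    print(hdr, body)
    print(check_claims(hdr, body, now=body["iat"] + 10), auth_header(jwt))
```

The claims decode without any key, so whatever the backend places in the token (here the username and user id) is readable by anyone who holds it.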


Philipp Höhne: