microsoft/restler-fuzzer

OAuth 2.0 Authentication using bearer token


Description

How do I do OAuth 2.0 kind of authentication? Here we have a client ID and key, using which the bearer token is generated. Please keep me posted ASAP.

Hello @SunithaShivananjaiah,

Generating tokens for RESTler is done through a custom script or program you provide, and the token can be passed to RESTler in several ways, as described in SettingsFile.md (see the 'Authentication' section). Below is an example Python script and settings which you can copy-paste into engine_settings.json to configure RESTler to use the auth token. In the data settings dictionary, specify any parameters you'd like to pass into the script (such as the client ID, and any additional settings to retrieve the secret).

```json
  "authentication": {
    "token": {
      "module": {
        "file": "/path/to/auth.py",
        "function": "acquire_token",
        "data": {
          "client_id": "<GUID>",
          ...
        }
      },
      "token_refresh_interval": 300
    },
```

```python
def acquire_token(data, log):
    # data: the "data" dictionary from the settings file (client_id, ...)
    # log: RESTler's logging callback
    token = gen_token(data)  # implementation to retrieve the token
    # First line: the dictionary of users; following lines: the HTTP
    # header(s) RESTler should send with each request.
    token_lines = [
        "{'user1':{}}",
        f"Authorization: {token}"
    ]
    return "\n".join(token_lines)
```

Thanks,

Marina
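A complete version of the token script, added here as an illustration and not code from the issue or from the RESTler project: it implements the client-credentials grant that the opening post describes (client ID plus secret exchanged for a bearer token) and returns the two-line format shown in the reply above. It assumes the `data` block carries `token_url`, `client_id`, `client_secret` and optionally `scope` (key names chosen for this example), and it takes an injectable `post` callable so the flow can be exercised offline against a constructed token response.

```python
"""Token script for RESTler (added example; not the project's own code).

RESTler calls the configured function with the ``data`` dict from
engine_settings.json and a ``log`` callable, and expects back a string whose
first line is a dictionary of users and whose remaining lines are HTTP header
lines. This module performs an OAuth 2.0 client-credentials grant (RFC 6749
section 4.4) against data["token_url"] and formats the result.
"""
import base64
import json
import urllib.parse
import urllib.request


def build_token_request(data):
    """Return (url, body_bytes, headers) for a client_credentials request.

    Assumed data keys: token_url, client_id, client_secret, optional scope.
    The client credentials go in an HTTP Basic Authorization header (the
    method RFC 6749 section 2.3.1 recommends), not in the form body.
    """
    creds = f"{data['client_id']}:{data['client_secret']}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    form = {"grant_type": "client_credentials"}
    if data.get("scope"):
        form["scope"] = data["scope"]
    return data["token_url"], urllib.parse.urlencode(form).encode(), headers


def parse_token_response(body):
    """Extract the access token from an RFC 6749 section 5.1 JSON response."""
    resp = json.loads(body)
    if "error" in resp:
        raise RuntimeError(f"token endpoint error: {resp['error']}")
    token_type = resp.get("token_type", "")
    if token_type.lower() != "bearer":
        raise RuntimeError(f"unexpected token_type {token_type!r}")
    return resp["access_token"]


def format_restler_token(token, user="user1"):
    """Produce the output RESTler expects: user dictionary, then headers."""
    return "\n".join([repr({user: {}}), f"Authorization: Bearer {token}"])


def _http_post(url, body, headers):
    """Real transport: POST the form to the token endpoint."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


def acquire_token(data, log, post=None):
    """RESTler entry point. ``post`` is injectable for offline testing."""
    url, body, headers = build_token_request(data)
    log(f"requesting token from {url} for client {data['client_id']}")
    token = parse_token_response((post or _http_post)(url, body, headers))
    return format_restler_token(token)


# Constructed sample inputs mirroring the "data" block of engine_settings.json
# and a token-endpoint response; no network access is involved.
SAMPLE_SETTINGS_DATA = {
    "token_url": "https://login.example.test/oauth2/token",
    "client_id": "8975382c86-3b8e-4600-861d-f9bf130fef6b",
    "client_secret": "dummy-secret",
    "scope": "api://example/.default",
}
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "eyJ.constructed.token",
    "token_type": "Bearer",
    "expires_in": 3599,
}).encode()


def fake_post(url, body, headers):
    """Constructed stand-in for the token endpoint; checks the request shape."""
    if url != SAMPLE_SETTINGS_DATA["token_url"]:
        raise RuntimeError(f"unexpected URL {url}")
    if not headers["Authorization"].startswith("Basic "):
        raise RuntimeError("client credentials must be sent as HTTP Basic")
    if b"grant_type=client_credentials" not in body:
        raise RuntimeError("grant_type missing from form body")
    return SAMPLE_TOKEN_RESPONSE


def demo():
    """Run the whole flow offline and return what RESTler would receive."""
    return acquire_token(SAMPLE_SETTINGS_DATA, lambda msg: None, post=fake_post)


if __name__ == "__main__":
    print(demo())
```

In production the `post` argument is left unset and the script talks to the real token endpoint; `token_refresh_interval` in the settings should stay below the `expires_in` the endpoint returns, otherwise RESTler will send an expired bearer token between refreshes.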

Hi @marina-p,

Thank you for your input.
I have updated the authentication info in the engine-settings.json file and the data file as below, but I am getting the exception "Cannot deserialize mutations dictionary: An exception occurred during deserialization: Newtonsoft.Json.JsonSerializationException: Could not find member".

Code snippet:
engine.settings.json
```json
{
  "per_resource_settings": {},
  "max_combinations": 20,

  "authentication": {
    "token": {
      "module": {
        "file": "C:/restler_bin/restler/demo_server_config/acquire_token.py",
        "function": "acquire_token",
        "data": {
          "client_id": "client_id",
          "client_secret": "client_secret"
        }
      },
      "token_refresh_interval": 600
    }
  }
}
```

dict.json:
```json
{
  "restler_fuzzable_string": [
    "fuzzstring"
  ],
  "restler_fuzzable_string_unquoted": [],
  "restler_fuzzable_datetime": [
    "2019-06-26T20:20:39+00:00"
  ],
  "restler_fuzzable_datetime_unquoted": [],
  "restler_fuzzable_date": [
    "2019-06-26"
  ],
  "restler_fuzzable_date_unquoted": [],
  "restler_fuzzable_uuid4": [
    "566048da-ed19-4cd3-8e0a-b7e0e1ec4d72"
  ],
  "restler_fuzzable_uuid4_unquoted": [],
  "restler_fuzzable_int": [
    "1"
  ],
  "restler_fuzzable_number": [
    "1.23"
  ],
  "restler_fuzzable_bool": [
    "true"
  ],
  "restler_fuzzable_object": [
    "{ \"fuzz\": false }"
  ],
  "restler_custom_payload": {},
  "restler_custom_payload_unquoted": {},
  "restler_custom_payload_uuid4_suffix": {},
  "restler_custom_payload_header": {},
  "restler_custom_payload_query": {},
  "client_id": [
    "8975382c86-3b8e-4600-861d-f9bf130fef6b"
  ],
  "client_id1": [
    "67882c86-3b8e-4600-861d-f9bf130fef6b"
  ],
  "client_secret": [
    "4m68QeJ5BsRSrbBYVGsdufeihsOgPJWtEF7"
  ],
  "resource": [
    "67882c86-3b8e-4600-861d-f9bf130fef"
  ],
  "grant_type": [
    "client_credentials"
  ]
}
```

I used dummy data for posting here. Please check and let me know if any correction is needed.

Logs:
```text
Cannot deserialize mutations dictionary: An exception occurred during deserialization: Newtonsoft.Json.JsonSerializationException: Could not find member 'client_id' on object of type 'MutationsDictionary'. Path 'client_id', line 35, position 16.
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.ResolvePropertyAndCreatorValues(JsonObjectContract contract, JsonProperty containerProperty, JsonReader reader, Type objectType)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObjectUsingCreatorWithParameters(JsonReader reader, JsonObjectContract contract, JsonProperty containerProperty, ObjectConstructor`1 creator, String id)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateNewObject(JsonReader reader, JsonObjectContract objectContract, JsonProperty containerMember, JsonProperty containerProperty, String id, Boolean& createdFromNonDefaultCreator)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonSerializer.Deserialize(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
at Restler.ResultsAnalyzer.Analyze.Main.dictionarySuffixes$cont@54(String dictionaryFilePath, Unit unitVar) in C:\Restler_Security_VSCode\restler-fuzzer\src\ResultsAnalyzer\Analyze\Main.fs:line 54
```
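The deserializer in the log above rejects a top-level member it does not recognize (`client_id` on `MutationsDictionary`). The following pre-flight check, added here and not part of the issue or of RESTler, reproduces that class of failure offline before a fuzzing run: it parses a dictionary file and reports unknown top-level keys, values of the wrong shape, and invalid JSON (such as the unescaped quotes in a `restler_fuzzable_object` value). The accepted-key list is an assumption taken from the members that appear in the posted dict.json; RESTler's real schema may accept others. Named per-parameter values go under the `restler_custom_payload*` objects, whereas the values a token script needs come from the `data` block of the settings file, as the earlier reply describes. The sample dictionaries are constructed, abbreviated copies of the posted one.

```python
"""Pre-flight validator for a RESTler fuzzing dictionary (added example).

Assumption: the only accepted top-level members are the ones shown in the
dictionary posted in this thread. Unknown members are reported the way the
analyzer's deserializer rejects them.
"""
import json

# Members whose values are lists of fuzzing values (from the posted dict.json).
FUZZABLE_KEYS = {
    "restler_fuzzable_string", "restler_fuzzable_string_unquoted",
    "restler_fuzzable_datetime", "restler_fuzzable_datetime_unquoted",
    "restler_fuzzable_date", "restler_fuzzable_date_unquoted",
    "restler_fuzzable_uuid4", "restler_fuzzable_uuid4_unquoted",
    "restler_fuzzable_int", "restler_fuzzable_number",
    "restler_fuzzable_bool", "restler_fuzzable_object",
}
# Members whose values are objects mapping a parameter name to a list of values.
CUSTOM_PAYLOAD_KEYS = {
    "restler_custom_payload", "restler_custom_payload_unquoted",
    "restler_custom_payload_uuid4_suffix", "restler_custom_payload_header",
    "restler_custom_payload_query",
}


def check_dictionary(text):
    """Return a list of problems; an empty list means the dictionary passed."""
    try:
        d = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(d, dict):
        return ["top level must be a JSON object"]
    problems = []
    for key, value in d.items():
        if key in FUZZABLE_KEYS:
            if not isinstance(value, list):
                problems.append(f"{key}: expected a list of values")
        elif key in CUSTOM_PAYLOAD_KEYS:
            if not isinstance(value, dict):
                problems.append(f"{key}: expected an object mapping parameter "
                                "name to a list of values")
                continue
            for name, vals in value.items():
                if not isinstance(vals, list):
                    problems.append(f"{key}.{name}: expected a list of values")
        else:
            problems.append(f"unknown top-level key '{key}'; named parameter "
                            "values belong under restler_custom_payload")
    return problems


# Constructed, abbreviated copy of the posted dict.json: the extra top-level
# members are the ones the log complains about.
POSTED_STYLE_DICT = json.dumps({
    "restler_fuzzable_string": ["fuzzstring"],
    "restler_fuzzable_object": ["{ \"fuzz\": false }"],
    "restler_custom_payload": {},
    "client_id": ["8975382c86-3b8e-4600-861d-f9bf130fef6b"],
    "grant_type": ["client_credentials"],
}, indent=2)

# Same values, placed in the object the dictionary provides for named values.
CUSTOM_PAYLOAD_DICT = json.dumps({
    "restler_fuzzable_string": ["fuzzstring"],
    "restler_fuzzable_object": ["{ \"fuzz\": false }"],
    "restler_custom_payload": {
        "client_id": ["8975382c86-3b8e-4600-861d-f9bf130fef6b"],
        "grant_type": ["client_credentials"],
    },
}, indent=2)

# Raw text with the quotes left unescaped, as in the posted listing.
UNESCAPED_DICT = '{ "restler_fuzzable_object": [ "{ "fuzz": false }" ] }'


if __name__ == "__main__":
    for label, text in (("posted", POSTED_STYLE_DICT),
                        ("custom_payload", CUSTOM_PAYLOAD_DICT),
                        ("unescaped", UNESCAPED_DICT)):
        print(label, check_dictionary(text) or "ok")
```

Run it on the dictionary before starting RESTler; the `--dictionary_file` the analyzer parses is the same file, so anything this check flags will fail there too.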