Robotframework Http/https OAuth Interface Test (ii)

In the Robotframework Http/https OAuth Interface Test (a), a general introduction to the relevant concepts, finally can get to the point of the matter ~ ~ ~

First introduce the following project background:

The licensing model for the company's projects is the third resource owner password credentials password mode, as both the authentication server and the resource server are internal projects, so in this way, the company's processing process is roughly as follows:

(A) The user provides the account and password to the client.

(B) The client sends the user credentials and client credential information to the authentication server.

(C) The authentication server verifies that the client request is legitimate and the user credentials are valid to provide an access order to the client

Authentication server is mainly management token, a total of 2 interfaces, one is GetToken, one is Refreshtoken. and the resource authentication server is mainly processing the login to the meeting node server before the business, temporarily has 8 interfaces, after mobile phone download app, you can get verification code directly with the mobile phone number registered users (or QQ, login), and then you can log in to the Conference management background, a little list of the following interface part of the logic:

Verify the mobile phone number interface-"Get Verification Code interface-" Verify the mobile phone authentication code interface--"User registration interface-" User login Conference Management background Interface-"Create Room interface---" User Login conferencing node server interface, Where the user login to the Web Management background interface before the interface header authorization only need to carry the client credential information, access to the authentication server, take the user credentials and client credential information to obtain tokens, in order to further access resources within the resource server (later interface) , then the authorization of the header of the interface carries the token returned by the authentication server.

For the authentication server interface (user login Web Management background interface), the interface parameters are as follows:

Where: Basic encodeBase64 (${clientid} + ":" + ${clientsecret}), is the use of Base64 to the client credentials (Clientid,clientsecret, These two entries are written in the client configuration file and are then encoded after stitching.

Request-http:

Post/token http/1.1

Host:server.example.com

Authorization:basic CZZCAGRSA3F0MZPNWDFMQMF0M2JW

content-type:application/x-www-form-urlencoded

grant_type=password&username=johndoe&password=a3ddj3w

Response-http:

http/1.1 OK

Content-type:application/json;charset=utf-8

Cache-control:no-store

Pragma:no-cache

{

"Access_token": "2yotnfzfejr1zcsicmwpaa",

"Token_type": "Example",

"Expires_in": 3600,

"Refresh_token": "Tgzv3jokf0xg5qx2tlkwia",

"Example_parameter": "Example_value"

}

For the interface of the resource server, the header's authorization carries the token returned by the authentication server, with the following parameters:

Then, the introduction of how to test with RF tools, in the RF, has provided a library based on the HTTP/HTTPS protocol, is the requests library, only need to download requests and Requestlibray on the official website. Based on the installation steps I wrote earlier, the actual PIP command is the easiest to solve. Execute PIP install requests,

Pip Install-u robotframework-requests, prompt success.     After the project is built, import requestslibrary, if you want to operate dictionary, import collections (built-in library, loaded into human memory is used).                   The test business code for the authentication server interface is as follows: The results of the successful return are as follows: the interface test code for the resource server is as follows: The successful return interface is as follows: The above is roughly shared under the OAuth protocol based on the interface test method and the approximate business logic, the following will summarize the next WebService interface testing method, through the half-month of these interfaces test and learning, suddenly feel how to learn the bottom communication protocol is how important one thing, HTTP protocol and TCP protocol Basic public Protocol knowledge is not enough, in the entry stage, should be planned to do a systematic learning early ~ ~ ~

Robotframework Http/https OAuth Interface Test (ii)