Bearer token injection to request header for oauth2

[armen-ch]

Hi,

I'm trying to generate tests from OAS for a microservice which uses Oauth 2 authentication. I want to generate these tests and run them with Newman as an automated test suite.
The OAS file security part is specified as follows:

components:
 securitySchemes:
   oAuth2:
     type: oauth2
     flows:
       clientCredentials:
         tokenUrl: https://{{token-provider-url}}/connect/token
         scopes:
           scope1.read: Grant read-only access to scope1.
           scope2.read: Grant read-only access to scope2.

paths:
 '/products':
   get:
     operationId: lookup_products
     security:
       - oAuth2: [ scope1.read ]
     parameters:
       - name: Authorization
         in: header
         description: “The auth token”
         schema:
           type: string
         required: true

And below is the generated postman collection generated by Portman

I expect that the “Authentication:'' key with some placeholder value should be injected into a request header which can be then replaced with some _{{accessToknen}}_ variable. The pre-request script will fetch a token and initialize that variable and I will be able to run the generated contract tests with Newman against microservice providing the bearer token in the requests. But after generating tests from OAS with Portman I see that the authorization token is generated in the originalRequest block of the response. And it looks like it doesn't make sense if running the tests with Newman since I’m getting an unauthorized response from the microservice and the “Authorization header was not found on the request” error in the microservice log. If I manually add the “Authorization” parameter with the token to the header and run the Newman it works.

I really liked the Idea of Portman and am currently doing some POC to know if it is possible to use Portman for our testing automation. So I would appreciate any support.

[thim81]

@armen-ch Could you share your Portman configuration? So that we can try to reproduce it?

[armen-ch]

Hello @thim81,
I maximally simplified the config file and moreover it's reproducible even if I'm not specifying config file at all.

{
  "version": 1.0,
  "tests": {
    "contractTests": [
      {
        "openApiOperation": "*::/*",
        "statusSuccess": {
          "enabled": true
        },
        "contentType": {
          "enabled": true
        },
        "jsonBody": {
          "enabled": true
        },
        "schemaValidation": {
          "enabled": true
        },
        "headersPresent": {
          "enabled": true
        }
      }
    ]
  }
}

I know, it's possible to inject a token parameters into header using overwrites -> overwriteRequestHeaders. But since auth2 protocol assumes sending fetched bearer token in the request it make sense to inject it directly into the header

thanks.