Test Automation for OAuth2 protected RESTful APIs.

Ravinder Thirumala
Sep 15, 2020

API testing is recognised as being more suitable for test automation and continuous testing than GUI testing [wiki], and OAuth2/OpenID Connect are fundamental for securing APIs. So there is always a need to write test automation for secured APIs.

Testing OAuth2/OpenID protected RESTful APIs involves getting an access token, using the token to call API resources, and finally determining whether the APIs return the correct response.

Testing secured APIs using Postman is pretty easy. It can be done by selecting OAuth 2.0 as the Authorization type and getting the access token after providing the required information (including the proper Grant Type), as shown below, and finally calling the required API using the access token.

Here we are going to see how to automate testing of OAuth2/OpenID protected RESTful APIs using Postman and Newman. We will be using a sample Spring Boot app exposing a RESTful API, which is protected with Keycloak as the auth server. We are going to create the test case as a Postman collection and then use Newman to automate running the Postman collection.
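The flow described above, written as an added example that is not the article's own code: a Node script that emits a Postman v2.1 collection for Newman, covering token retrieval, an authorized call, and an unauthenticated call. The realm, client ID, URLs, the client-credentials grant, and the 401 expected for anonymous requests are assumptions.

```javascript
// Added example: builds a Postman v2.1 collection for Newman. All names, URLs and
// the client-credentials grant are assumptions, not taken from the article.
function testEvent(lines) {
  return [{ listen: "test", script: { type: "text/javascript", exec: lines } }];
}

function buildCollection({ keycloakUrl, realm, clientId, apiUrl }) {
  const bearer = { type: "bearer", bearer: [{ key: "token", value: "{{access_token}}", type: "string" }] };
  return {
    info: {
      name: "OAuth2 protected API checks",
      schema: "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
    },
    // client_secret is deliberately absent here: supply it at run time, never commit it.
    variable: [{ key: "access_token", value: "" }],
    item: [
      {
        name: "1. Get access token",
        request: {
          method: "POST",
          // Keycloak's OpenID Connect token endpoint for the realm.
          url: `${keycloakUrl}/realms/${realm}/protocol/openid-connect/token`,
          body: { mode: "urlencoded", urlencoded: [
            { key: "grant_type", value: "client_credentials" },
            { key: "client_id", value: clientId },
            { key: "client_secret", value: "{{client_secret}}" },
          ] },
        },
        event: testEvent([
          "pm.test('token issued', () => pm.response.to.have.status(200));",
          "pm.collectionVariables.set('access_token', pm.response.json().access_token);",
        ]),
      },
      {
        name: "2. Call API with token",
        request: { method: "GET", url: apiUrl, auth: bearer },
        event: testEvent(["pm.test('authorized call succeeds', () => pm.response.to.have.status(200));"]),
      },
      {
        // Negative check: assumes the API answers unauthenticated requests with 401.
        name: "3. Call API without token",
        request: { method: "GET", url: apiUrl, auth: { type: "noauth" } },
        event: testEvent(["pm.test('anonymous call is rejected', () => pm.response.to.have.status(401));"]),
      },
    ],
  };
}

// Constructed sample values; the printed JSON can be saved and passed to `newman run`.
const sample = buildCollection({ keycloakUrl: "http://localhost:8080/auth", realm: "demo", clientId: "api-tests", apiUrl: "http://localhost:8081/api/hello" });
console.log(JSON.stringify(sample, null, 2));
```

Save the output as `collection.json` and run it with `newman run collection.json --env-var "client_secret=<secret>"`, so the secret comes from the CI environment rather than the collection file.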

Why Newman?

Newman is a powerful command-line collection runner for Postman. It allows us to run and test a Postman collection directly from the command-line.
Main advantage of using Newman is, to run Postman…
