OAuth authorization with Bearer authentication tokens

Hi all,
I’m trying to write a “Log in scenario” with Gatling in Scala. The application has OAuth authorization with Bearer authentication token.

I have this code was generated by Gatling recorder :

.exec(http(“request_4”)
.post("/login")
.headers(headers_4)
.body(RawFileBody(“0294_request.json”))
.resources(http(“request_5”)
.get("/api/config/configs/getPref")
.headers(headers_5),
http(“request_6”)
.get("/api/config/configs/getAllUserProfileNames")
.headers(headers_5),
http(“request_7”)
.get("/api/refd/user_timezone")
.headers(headers_5),
http(“request_8”)
.get("/api/refd/enums")
.headers(headers_5),
http(“request_9”)
.get("/mrs/data/system.json")
.headers(headers_5),
http(“request_10”)
.get("/api/config/configs/widget")
.headers(headers_5),
http(“request_11”)
.get("/api/config/configs/system")
.headers(headers_11)))

val headers_4 = Map(
“Accept” → “/”,
“Accept-Encoding” → “gzip, deflate, br”,
“Accept-Language” → “en-US,en;q=0.9”,
“Origin” → “https://10.61.9.104:22650”,
“Sec-Fetch-Dest” → “empty”,
“Sec-Fetch-Mode” → “cors”,
“Sec-Fetch-Site” → “same-origin”,
“content-type” → “application/json”,
“product” → “mrs”)

val headers_5 = Map(
“Accept” → “/”,
“Accept-Encoding” → “gzip, deflate, br”,
“Accept-Language” → “en-US,en;q=0.9”,
“Sec-Fetch-Dest” → “empty”,
“Sec-Fetch-Mode” → “cors”,
“Sec-Fetch-Site” → “same-origin”,
“authorization” → “Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJRQV9leHA0IiwiZXhwIjoxNTg3NzYxMjEwLCJpc3MiOiJNaWxsZW5uaXVtIEF1dGhTZXJ2ZXIiLCJwZXJtaXNzaW9ucyI6WyJ2aWV3OmFsbCJdLCJpYXQiOjE1ODc3MTgwMTB9.D58Z2p-kBTB1hjCXtoptR7TuYzS_BCT5pTBA0yuY0GSqfcK0IgqIgNtWwyk1sNE_–pJZB-VqvvT3W_CkNtTAZWMzPvmxTF_lOcG42JBj1GY2GsTOZnfYyia-fhwGJtJkZ-Fp6wNgZw_2sYJ6gGMiCADqtwqb4VfRhg1Hff-iM68a-N4hFZNKMsLBn_okhR1O9rKN5rpEKHw6tOzZqeGtM3ccQfIXW2UZUlrBI6awKxXFh9D5IayGE6iOfQI_AxKgpgbrVLIZmcfNiQuj8XHbcG647segWkuhx4W9M6MKqWm1ClrG-nN7mAnehrp9C44AAfPZ0ru5gGCWTQRdtibtQ”,
“content-type” → “application/json”,
“product” → “mrs”)

val headers_11 = Map(
“Accept” → “/”,
“Accept-Encoding” → “gzip, deflate, br”,
“Accept-Language” → “en-US,en;q=0.9”,
“Sec-Fetch-Dest” → “empty”,
“Sec-Fetch-Mode” → “cors”,
“Sec-Fetch-Site” → “same-origin”,
“authorization” → “Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJRQV9leHA0IiwiZXhwIjoxNTg3NzYxMjEwLCJpc3MiOiJNaWxsZW5uaXVtIEF1dGhTZXJ2ZXIiLCJwZXJtaXNzaW9ucyI6WyJ2aWV3OmFsbCJdLCJpYXQiOjE1ODc3MTgwMTB9.D58Z2p-kBTB1hjCXtoptR7TuYzS_BCT5pTBA0yuY0GSqfcK0IgqIgNtWwyk1sNE_–pJZB-VqvvT3W_CkNtTAZWMzPvmxTF_lOcG42JBj1GY2GsTOZnfYyia-fhwGJtJkZ-Fp6wNgZw_2sYJ6gGMiCADqtwqb4VfRhg1Hff-iM68a-N4hFZNKMsLBn_okhR1O9rKN5rpEKHw6tOzZqeGtM3ccQfIXW2UZUlrBI6awKxXFh9D5IayGE6iOfQI_AxKgpgbrVLIZmcfNiQuj8XHbcG647segWkuhx4W9M6MKqWm1ClrG-nN7mAnehrp9C44AAfPZ0ru5gGCWTQRdtibtQ”,
“content-type” → “application/json”,
“is_front_end” → “true”,
“product” → “mrs”)

I have error 500 - Internal Server Error. I’ve tried to send credentials but still have an error - 404 Unauthorized.
There is no access to the source code of application.

I’ve attached two screenshots to show that Request payload is empty.

Could you kindly share some example of OAuth authorization with Bearer authentication tokens? Thank you!!

1.png520×866 12.5 KB

2.png548×946 23.6 KB

You have to figure out which response from the server contains this value.

It’s most likely some JSON payload, similar to this, that you’ll have to parse with a jmesPath or jsonPath check so you can capture and save the token value and then re-inject this value into your authorization headers, typically with Gatling Expression Language.