Testing OAuth based Services

Load testing a service that utilizes OAuth for authentication and authorization can be a bit challenging. Note that there are many different flavors of OAuth and we won't discuss them all.

What is OAuth?

The OAuth 2 specification defines a delegation protocol that is useful for conveying authorization decisions across a network of web-enabled applications and APIs. OAuth 2 is used in a wide variety of applications, including providing mechanisms for user authorization.

It allows third-party services to use end-user information without the user revealing their personal credentials to those services.

If you want more detailed information on how OAuth 2 works, visit oauth.net or this simplified article by Aaron Parecki.

How to load test with OAuth 2 authorization

There are multiple approaches to testing an OAuth-based application. The following steps have worked well so far:

  • You don't need to test your OAuth service
  • Prefer to only make requests to the system you want to load test
  • Calling an identity provider during the load test impacts performance and will produce inaccurate results
  • Provide bearer tokens as fixtures and do not create them dynamically
  • Send the bearer token in the request header:

session.get("/users/1", {
  headers: {
    "Authorization": "Bearer RsT5OjbzRn430zqMLgV3Ia"
  }
})
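
Added example (not part of the original page and not StormForger API): a pre-flight check for a token fixture, run before the test starts, that keeps only tokens which outlive the whole run and builds the Authorization header per simulated session. The CSV layout, the function names loadUsableTokens and authHeaderFor, and the token values are assumptions constructed for illustration.

```javascript
// Constructed sample fixture: "token,expires_at" (ISO 8601) per line.
// Token values are placeholders, not real credentials.
const FIXTURE_CSV = `token,expires_at
test-token-aaa,2030-01-01T12:00:00Z
test-token-bbb,2030-01-01T10:05:00Z
test-token-ccc,2030-01-01T13:30:00Z
,2030-01-01T13:30:00Z
test-token-ddd,not-a-date
`;

// Parse the fixture and keep only tokens that stay valid for the whole run.
// A token expiring mid-test would turn into 401s that look like load failures.
function loadUsableTokens(csv, testStart, testDurationSec, safetyMarginSec = 60) {
  const mustOutlive = testStart.getTime() + (testDurationSec + safetyMarginSec) * 1000;
  const usable = [];
  const rejected = [];
  const lines = csv.trim().split(/\r?\n/).slice(1); // skip header row
  lines.forEach((line, i) => {
    const row = i + 2; // 1-based row number in the file, header is row 1
    const [token, expiresAt] = line.split(",").map((s) => s.trim());
    const expiry = Date.parse(expiresAt);
    if (!token) rejected.push({ row, reason: "empty token" });
    else if (Number.isNaN(expiry)) rejected.push({ row, reason: "bad expiry" });
    else if (expiry < mustOutlive) rejected.push({ row, reason: "expires during test" });
    else usable.push(token);
  });
  if (usable.length === 0) throw new Error("no fixture token outlives the test run");
  return { usable, rejected };
}

// Assign tokens to simulated sessions round-robin and build the request header.
function authHeaderFor(sessionIndex, tokens) {
  return { Authorization: `Bearer ${tokens[sessionIndex % tokens.length]}` };
}

// 15-minute test starting at 10:00 UTC: rows 3, 5 and 6 are rejected.
const { usable, rejected } = loadUsableTokens(
  FIXTURE_CSV, new Date("2030-01-01T10:00:00Z"), 15 * 60);
console.log("usable:", usable.length, "rejected:", rejected);
console.log(authHeaderFor(3, usable));
```
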