Testing OAuth-based Services

Load testing a service that utilizes OAuth for authentication and authorization can be a bit challenging. Note that there are many different flavors of OAuth and we won't discuss them all.

What is OAuth?

The OAuth 2 specification defines a delegation protocol that is useful for conveying authorization decisions across a network of web-enabled applications and APIs. OAuth 2 is used in a wide variety of applications, including providing mechanisms for user authorization.

It allows third-party services to use an end user's information without the user revealing their personal credentials.

If you want more detailed information on how OAuth 2 works, visit oauth.net or this simplified article by Aaron Parecki.

How to load test with OAuth 2 authorization

There are multiple approaches to testing an OAuth-based application. The following steps have been working out pretty well so far:

// Send the OAuth 2 access token as a bearer token in the Authorization header.
session.get("/users/1", {
  headers: {
    "Authorization": "Bearer RsT5OjbzRn430zqMLgV3Ia"
  }
});