Testing OAuth based Services

Load testing a service that utilizes OAuth for authentication and authorization can be a bit challenging. Note that there are many different flavors of OAuth and we won't discuss them all.

What is OAuth?

The OAuth 2 specification defines a delegation protocol that is useful for conveying authorization decisions across a network of web-enabled applications and APIs. OAuth 2 is used in a wide variety of applications, including providing mechanisms for user authorization.

It allows third-party services to use end-user information without the user revealing their personal credentials.

For more detailed information on how OAuth 2 works, visit oauth.net or this simplified article by Aaron Parecki.

How to load test with OAuth 2 authorization

There are multiple approaches to testing an OAuth-based application. The following steps have been working out pretty well so far:

  • You don't need to test your OAuth service
  • Prefer to only make requests to the system you want to load test
  • Calling an identity provider during the load test impacts the performance and will return inaccurate results
  • Provide bearer tokens as fixtures and do not create them dynamically
  • Send bearer token in request header
// Bearer token comes from a fixture, not from the identity provider at test time
session.get("/users/1", {
  headers: {
    "Authorization": "Bearer RsT5OjbzRn430zqMLgV3Ia"
  }
});
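The fixture approach described above, as an added example in plain Node.js (not StormForger's code or API): a pre-flight check that filters a token fixture file before a run, so expired, duplicate or malformed bearer tokens never reach the load test. The CSV layout (`token,expires_at`), the function names and every sample token other than the one shown on the page are assumptions constructed for illustration.

```javascript
// Assumed fixture format (not from the page): CSV "token,expires_at",
// expires_at being the ISO 8601 UTC expiry recorded when the token was issued.
// Constructed sample rows; only the first token value appears on the page.
const SAMPLE_FIXTURE = [
  "token,expires_at",
  "RsT5OjbzRn430zqMLgV3Ia,2030-01-01T12:00:00Z",
  "constructedTokenB,2030-01-01T10:05:00Z",
  "RsT5OjbzRn430zqMLgV3Ia,2030-01-01T12:00:00Z",
  "constructed token C,2030-01-01T12:00:00Z",
  "constructedTokenD,not-a-date",
].join("\n");

const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/; // bearer token syntax, RFC 6750
const ISO_UTC = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/;

// Tokens are live credentials: only a short prefix may appear in reports.
function redact(token) {
  return token.slice(0, 4) + "...";
}

// Returns { usable: [token, ...], rejected: [{ token, reason }, ...] }.
// A token is usable only if it stays valid for the whole test window.
function checkFixture(csv, testStart, durationSeconds) {
  const testEnd = testStart.getTime() + durationSeconds * 1000;
  const seen = new Set();
  const usable = [];
  const rejected = [];
  for (const line of csv.split(/\r?\n/).slice(1)) {
    if (line.trim() === "") continue;
    const [token, expiresAt] = line.split(",").map((s) => s.trim());
    const expiry = ISO_UTC.test(expiresAt) ? Date.parse(expiresAt) : NaN;
    let reason = null;
    if (!B64TOKEN.test(token)) reason = "invalid characters"; // also blocks header injection
    else if (seen.has(token)) reason = "duplicate";
    else if (Number.isNaN(expiry)) reason = "unparseable expiry";
    else if (expiry <= testEnd) reason = "expires during or before test";
    if (reason) rejected.push({ token: redact(token), reason });
    else usable.push(token);
    seen.add(token);
  }
  return { usable, rejected };
}

// Round-robin over the usable tokens; returns the headers object for one request.
function authHeaders(tokens, requestIndex) {
  return { Authorization: "Bearer " + tokens[requestIndex % tokens.length] };
}
```

Issue fixture tokens for dedicated test accounts with the narrowest scope the test needs, and keep the fixture file out of version control.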