Two-Step HTTP Testing (OAuth)

The ThousandEyes HTTP server test includes support for two-step HTTP testing. You can use this feature to create testing scenarios where the initial request fetches an authentication token, and the token is used by the second request to perform the actual test measurement. These requests can have different target URLs, the second of which is the URL of the server actually being tested.

By contrast, a basic HTTP server test only contains one request, for the test measurement itself.

The test configuration for two-step HTTP authentication is found in Network & App Synthetics > Test Settings under the Advanced Settings tab, for an HTTP server test. Look in the section titled HTTP Authentication, and choose the OAuth option.

Overview

The two HTTP requests can be described as follows:

1. Initial or authentication request

2. Primary or measurement request (the actual HTTP server test itself)

These two requests are executed as part of a single ThousandEyes HTTP server test and have a special relationship, in that certain values from the initial request can be dynamically inserted into the primary request. One example where you can use this testing method is for an -secured API service:

The initial request is sent to the authentication URL, and fetches the authorization token. The authorization token is passed to the API service URL in the primary request.

The following figure illustrates the scenario:

Advanced Settings

Configure Initial Authentication Request

As shown in the previous section, the initial authentication request is configured independently of the measurement request. The figure below shows the HTTP server test configuration with sample values, including the JSON portions.

Fields for HTTP Authentication:

1. Initial Authentication Scheme selector defines how the initial request will be authenticated to the authentication service. Currently Basic and NTLM methods are inherently supported. Other custom authentication schemes may be configured by manipulating raw request header and/or body content - see items #4, #5 and #6 below.

2. Username and Password fields for Basic (or NTLM) HTTP authentication.

3. Authentication URL is the target service URL to send the initial HTTP request to (typically an authentication request).

5. Authentication Request Body (use POST only) content field provides means for submitting custom POST content in the authentication request.

6. Authentication Headers can be filled with custom HTTP headers to add to your initial request.

Some other aspects of the authentication request configuration (such as HTTP protocol version and User Agent string) are common to both authentication and measurement requests, and are configured in the measurement request's configuration section.

{
    "access_token": "<REAL-TOKEN-VALUE-HERE>",
    "token_type": "bearer",
    "expires_in": 3600,
    ...
}

Configure the Measurement Request

%{json:<VARIABLE_NAME>}

Troubleshooting OAuth Authentication Issues

When an HTTP Server test using OAuth authentication experiences an issue in the initial authentication request, the result displays in the test view on the Map tab, indicating a problem in the Authentication phase, as shown below.

In the same test view on the Table tab, you’ll see “Authentication” under the Error Type column, as shown below:

To investigate why the authentication request is failing, create a dedicated HTTP server test targeting the authentication URL, using the same authentication scheme that is used for the initial authentication request in the OAuth-based test:

Such a test will provide an insight into the full request and response headers, and will not display sensitive authentication information. You can use this troubleshooting information to re-configure the OAuth portion of your original HTTP server test.