tags:

views:

584

answers:

2
+2  Q: 

REST client that can handle login via oauth.

Hi

I am working as a tester on a system based on a Rest API. Part of my job is to use different applications to POST files to the Rest API and then accessing the API directly via a Rest Client to verify that the XML is correct.

So far I have been using the RESTClient firefox add-on.

But now we are getting rid of our old login in favour of Oauth. This all good and all but it makes testing harder since I can't ( don't know how? ) how to access the Rest API using the REST client I am using. And I don't know of any other REST client that can do this.

I need a REST Client/REST browser that can handle login via oauth.

Update:
Hi. I am still looking for more good REST Clients that can handle Oauth. So if you know any I would appreciate a post below.

+1  A: 

There's nothing that prohibits you from continuing to test a REST API manually when it uses OAuth authentication. OAuth simply requires that you send additional parameters: first that you negotiate the OAuth dance to get a request token and exchange it for an access token and then that each request has the necessary OAuth parameters (oauth_consumer_key, oauth_token, oauth_signature_method, oauth_signature, oauth_timestamp and oauth_nonce). You'd need to use a separate tool to do the signing (unless the product you're testing is willing to use PLAINTEXT as the signature method), but you could simply copy all of these values in manually to your current manual tool.

If that sounds like a lot of work, you're right! I think this is a good time to switch to automated testing. Libraries exist for most languages to consume OAuth services programmatically and that would handle all of those parameters and signing for you. You could build a generic tool that let a manual tester specify URLs and parameters by hand, or go farther and write something that did all the generation and validation automatically.

Update: for doing some exploratory testing from the command line, it would certainly be helpful to have a curl-like tool that handles some of the OAuth paramaters and signing. Check out oauth-proxy which may work for you -- it's intended exactly for exploring APIs on the command line. Or you may find that for your particular explorations, you want to build a script around oauth-proxy or a tool on top of one of the many OAuth libraries for different languages.

npdoty  2010-01-15 23:39:41
Thanks for your good answer. I was afraid that it would be a drag using our current tool and you confirmed it. We already do automated testing but we also need to do manual exploratory testing using REST Client. I can't belive there is not a open source tool for this.
Jonas Söderström  2010-01-18 08:42:19
Yeah, that's a good point, @Jonas. Sometimes you need to do manual exploratory testing of an API. I've added a link to oauth-proxy to the answer which might work for you, and I'd be very interested to know of other such convenience tools.
npdoty  2010-01-19 00:20:41
@npdoty - Thanks for all your help. I managed to find a tool that can do what I need. See my answer below.
Jonas Söderström  2010-01-20 14:24:47
A: 

Turns out RESTClient does support oauth but that the new version has not been released yet.

Checkout the lastest codes from sourceforge
http://sourceforge.net/projects/restclient/develop
And use those files to replace your RESTClient (which should be found in your firefox profile directory
http://support.mozilla.com/en-US/kb/Profiles#How_to_find_your_profile ).

Note: I had to hack the source and remove the "realm" parameters since our system didn't want it. According to Oauth spec realm is optional and I have asked the developers of RESTClient to make it optional in the future releases.

Jonas Söderström  2010-01-20 14:23:37

related questions

Language Conversion Testing
How to Test Numerical Analysis Routines?
Getting the subversion repository number into code...
Firefox extension for website interaction recording and repetition
How to gauge the quality of a software product
Developer testing vs. QA team testing - What is the right division of work?
Anyone Using Executable Requirements?
Rigor in capturing test cases for unit testing
Tools for automating mouse and keyboard events sent to a windows application.
Do you or your company hire testers?
What types of software testing are there?
Best mock framework that can do both WebForms and MVC?
Test Distribution
How to make junior programmers write tests?
Junit vs TestNG
Verifying files for testing
What is Object Mocking and when do I need it?
Why should I practice Test Driven Development and how should I start?
How to set up unit testing for Visual Studio C++
How to Test Web Code?
Choosing a static code analysis tool
What's the best way to implement BDD/TDD in .NET 2.0?
How to get started "writing" a code coverage tool?
.NET Unit Testing packages?
Using combinations of sets as test data