Using authentication in contract test

[rshakespearBHR]

I'm working on a POC using specmatic. I have a yaml file, and have followed the docs to setup/configure authentication in and environment config in my specmatic.json file. The problem I'm running into is that when it passes the auth it is passing a spoofed basic auth value, rather than the one defined in the specmatic.json. This results in every request returning a 401 unauthorized.

I'm running the test using and env=development flag, to specify the environment from my specmatic.json file. What am I missing to get it to use the actual auth variables from the file, instead of generating spoofed auth variables?

[yogeshnikam671]

Hi @rshakespearBHR, have you exported auth-tokens in the contract as mentioned in the documentation.
Here is a sample auth.spec file that you can look at.

I suggest you to have a look at the sample project and compare your setup with it to get the missing piece if there is one.
Let us know if you have set all of this up and still it is not working for you.

[rshakespearBHR]

I did not have that configured. Part of the issue is that this specific api I'm trying to test does not have a single authentication endpoint. All endpoints require a username/password in the request (basic auth). I don't have an auth endpoint to hit before running my tests. Does that change the approach?

[rshakespearBHR]

This is the documentation I'm looking at - testing with real auth - https://specmatic.in/documentation/authentication.html#testing-with-real-auth

[harikrishnan83]

hello @rshakespearBHR, thanks for reaching out. Apologies for the delayed response.

I understand you are trying to exercise the real auth as part of your POC. And to do that what @yogeshnikam671 suggested above is indeed the approach to follow. However, taking a step back, authentication and authorization is an orthogonal concern in the context of component and contract tests (it is better to verify auth and auth as part of higher env tests such as workflow tests). So ideally we would suggest using mock authentication in this scenario. Here is sample project with detailed explanation about the same.

Please let me know if you have any questions on this. Hope this helps.