Scripting examples on how to use different authentication or authorization methods in your load test.
Basic authentication
basic-auth.js
1import encoding from 'k6/encoding';2import http from 'k6/http';3import { check } from 'k6';4
5const username = 'user';6const password = 'passwd';7
8export default function () {9 const credentials = `${username}:${password}`;10
11 // Passing username and password as part of the URL will12 // allow us to authenticate using HTTP Basic Auth.13 const url = `https://${credentials}@httpbin.test.k6.io/basic-auth/${username}/${password}`;14
15 let res = http.get(url);16
17 // Verify response18 check(res, {19 'status is 200': (r) => r.status === 200,20 'is authenticated': (r) => r.json().authenticated === true,21 'is correct user': (r) => r.json().user === username,22 });23
24 // Alternatively you can create the header yourself to authenticate25 // using HTTP Basic Auth26 const encodedCredentials = encoding.b64encode(credentials);27 const options = {28 headers: {29 Authorization: `Basic ${encodedCredentials}`,30 },31 };32
33 res = http.get(`https://httpbin.test.k6.io/basic-auth/${username}/${password}`, options);34
35 // Verify response (checking the echoed data from the httpbin.test.k6.io36 // basic auth test API endpoint)37 check(res, {38 'status is 200': (r) => r.status === 200,39 'is authenticated': (r) => r.json().authenticated === true,40 'is correct user': (r) => r.json().user === username,41 });42}
Digest authentication
digest-auth.js
1import http from 'k6/http';2import { check } from 'k6';3
4const username = 'user';5const password = 'passwd';6
7export default function () {8 // Passing username and password as part of URL plus the auth option will9 // authenticate using HTTP Digest authentication.10 const credentials = `${username}:${password}`;11 const res = http.get(12 `https://${credentials}@httpbin.test.k6.io/digest-auth/auth/${username}/${password}`,13 { auth: 'digest' }14 );15
16 // Verify response (checking the echoed data from the httpbin.test.k6.io digest auth17 // test API endpoint)18 check(res, {19 'status is 200': (r) => r.status === 200,20 'is authenticated': (r) => r.json().authenticated === true,21 'is correct user': (r) => r.json().user === username,22 });23}
NTLM authentication
ntlm-auth.js
1import http from 'k6/http';2
3const username = 'user';4const password = 'passwd';5
6export default function () {7 // Passing username and password as part of URL and then specifying8 // "ntlm" as auth type will do the trick!9 const credentials = `${username}:${password}`;10 const res = http.get(`http://${credentials}@example.com/`, { auth: 'ntlm' });11}
AWS Signature v4 authentication with the k6-jslib-aws
To authenticate requests to AWS APIs using AWS Signature Version 4, k6 offers the k6-jslib-aws JavaScript library, which provides a dedicated SignatureV4 class. This class can produce authenticated requests to send to AWS APIs using the http k6 module.
Here's an example script to demonstrate how to sign a request to fetch an object from an S3 bucket:
awsv4-auth.js
import http from 'k6/http';import { AWSConfig, SignatureV4 } from 'https://jslib.k6.io/aws/0.9.0/signature.js';
const awsConfig = new AWSConfig({ region: __ENV.AWS_REGION, accessKeyId: __ENV.AWS_ACCESS_KEY_ID, secretAccessKey: __ENV.AWS_SECRET_ACCESS_KEY,
/** * Optional session token for temporary credentials. */ sessionToken: __ENV.AWS_SESSION_TOKEN,});
export default function () { /** * Create a signer instance with the AWS credentials. * The signer will be used to sign the request. */ const signer = new SignatureV4({ service: 's3', region: awsConfig.region, credentials: { accessKeyId: awsConfig.accessKeyId, secretAccessKey: awsConfig.secretAccessKey, sessionToken: awsConfig.sessionToken, }, });
/** * Use the signer to prepare a signed request. * The signed request can then be used to send the request to the AWS API. */ const signedRequest = signer.sign({ method: 'GET', protocol: 'https', hostname: 'test-jslib-aws.s3.us-east-1.amazonaws.com', path: '/bonjour.txt', headers: {}, uriEscapePath: false, applyChecksum: false, }, { signingDate: new Date(), signingService: 's3', signingRegion: 'us-east-1', });
/** * The `signedRequest` object contains the signed request URL and headers. * We can use them to send the request to the AWS API. */ http.get(signedRequest.url, { headers: signedRequest.headers });}