No results for

Powered byAlgolia

HTTP Authentication

Scripting examples on how to use different authentication or authorization methods in your load test.

Basic authentication

basic-auth.js
1import encoding from 'k6/encoding';
2import http from 'k6/http';
3import { check } from 'k6';
4
5const username = 'user';
6const password = 'passwd';
7
8export default function () {
9 const credentials = `${username}:${password}`;
10
11 // Passing username and password as part of the URL will
12 // allow us to authenticate using HTTP Basic Auth.
13 const url = `http://${credentials}@httpbin.test.k6.io/basic-auth/${username}/${password}`;
14
15 let res = http.get(url);
16
17 // Verify response
18 check(res, {
19 'status is 200': (r) => r.status === 200,
20 'is authenticated': (r) => r.json().authenticated === true,
21 'is correct user': (r) => r.json().user === username,
22 });
23
24 // Alternatively you can create the header yourself to authenticate
25 // using HTTP Basic Auth
26 const encodedCredentials = encoding.b64encode(credentials);
27 const options = {
28 headers: {
29 Authorization: `Basic ${encodedCredentials}`,
30 },
31 };
32
33 res = http.get(`http://httpbin.test.k6.io/basic-auth/${username}/${password}`, options);
34
35 // Verify response (checking the echoed data from the httpbin.test.k6.io
36 // basic auth test API endpoint)
37 check(res, {
38 'status is 200': (r) => r.status === 200,
39 'is authenticated': (r) => r.json().authenticated === true,
40 'is correct user': (r) => r.json().user === username,
41 });
42}

Digest authentication

digest-auth.js
1import http from 'k6/http';
2import { check } from 'k6';
3
4const username = 'user';
5const password = 'passwd';
6
7export default function () {
8 // Passing username and password as part of URL plus the auth option will
9 // authenticate using HTTP Digest authentication.
10 const credentials = `${username}:${password}`;
11 const res = http.get(
12 `http://${credentials}@httpbin.test.k6.io/digest-auth/auth/${username}/${password}`,
13 { auth: 'digest' }
14 );
15
16 // Verify response (checking the echoed data from the httpbin.test.k6.io digest auth
17 // test API endpoint)
18 check(res, {
19 'status is 200': (r) => r.status === 200,
20 'is authenticated': (r) => r.json().authenticated === true,
21 'is correct user': (r) => r.json().user === username,
22 });
23}

NTLM authentication

ntlm-auth.js
1import http from 'k6/http';
2
3const username = 'user';
4const password = 'passwd';
5
6export default function () {
7 // Passing username and password as part of URL and then specifying
8 // "ntlm" as auth type will do the trick!
9 const credentials = `${username}:${password}`;
10 const res = http.get(`http://${credentials}@example.com/`, { auth: 'ntlm' });
11}

AWS Signature v4 authentication

Requests to the AWS APIs requires a special type of auth, called AWS Signature Version 4. k6 does not support this authentication mechanism out of the box, so we'll have to resort to using a Node.js library called awsv4.js and Browserify (to make it work in k6).

For this to work, we first need to do the following:

  1. Make sure you have the necessary prerequisites installed: Node.js and Browserify

  2. Install the awsv4.js library:

    $ npm install aws4
  3. Run it through browserify:

    $ browserify node_modules/aws4/aws4.js -s aws4 > aws4.js
  4. Move the aws4.js file to the same folder as your script file. Now you can import it into your test script:

    import aws4 from './aws4.js';

Here's an example script to list all the regions available in EC2. Note that the AWS access key and secret key needs to be provided through environment variables.

⚠️ CPU- and Memory-heavy

As the browserified version of this Node.js library includes several Node.js APIs implemented in pure JS (including crypto APIs) it will be quite heavy on CPU and memory hungry when run with more than just a few VUs.

awsv4-auth.js
import http from 'k6/http';
import { sleep } from 'k6';
// Import browserified AWSv4 signature library
import aws4 from './aws4.js';
// Get AWS credentials from environment variables
const AWS_CREDS = {
accessKeyId: __ENV.AWS_ACCESSKEY,
secretAccessKey: __ENV.AWS_SECRETKEY,
};
export default function () {
// Sign the AWS API request
const signed = aws4.sign(
{
service: 'ec2',
path: '/?Action=DescribeRegions&Version=2014-06-15',
},
AWS_CREDS
);
// Make the actual request to the AWS API including the
// "Authorization" header with the signature
const res = http.get(`https://${signed.hostname}${signed.path}`, {
headers: signed.headers,
});
// Print the response
console.log(res.body);
sleep(1);
}