Configuring Recorded Browser-Based Form Authentication

  • Recorded browser-based form authentication is a quick, visual way of creating authentication flows. You record the authentication flow in advance with the Chrome Recorder, upload the recording, and use it as the authentication method in Bright.

Recording authentication

To record a session using Google Chrome Recorder, follow the steps below.

  1. In the Chrome browser, open the target URL in a separate tab.
  2. Open DevTools.

📘

Note

Opening DevTools

  • In Chrome's main menu: Click the three dots menu (Customize and control Google Chrome) and then select More Tools > Developer Tools.
    • On Windows: Press Ctrl+Shift+J.
    • On Mac: Press Ctrl+Option+J.
  1. Click the three dots menu (More options) and then select More tools > Recorder.
  1. Click the Start New Recording button. The browser will display the Start a New Recording pane.
  2. In the Recording Name field, enter a name for your recording.
  3. At the bottom of the page, click the Start a New Recording button.
  1. Record your login session and click the End Recording button to stop the recording.

📘

Note

To add a post-login check:

  1. Select the three dots next to the last step and then click Add Step After.
  2. Expand the new step.
  3. Click the small icon next to the selectors and then select an element on the page to update the selector (see screenshot below).

  1. Log out.
  2. At the top of the developer tools pane, click the Replay button. If the recording cannot be replayed, repeat steps 4-5 until it replays successfully.
  1. Select Export as a JSON file and save the recording on your PC.

📘

If you use Incognito mode in Chrome to make the recording and have more than one Incognito window open, clicking Log out is not enough to clear the credentials. You also need to close all the Incognito windows.
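
A pre-upload check for the exported recording, added here as an example and not part of Bright's documentation or tooling: it confirms that the file opens a page, ends with the post-login check, and lists the steps whose typed values (the password included) are stored in clear text in the JSON. The function name, the sample recording, and the assumption that the post-login check is exported as a `waitForElement` step are assumptions of this example.

```python
import json

# Constructed sample of a Chrome Recorder JSON export (not taken from the Bright docs).
SAMPLE_RECORDING = json.dumps({
    "title": "login-flow",
    "steps": [
        {"type": "setViewport", "width": 1280, "height": 720},
        {"type": "navigate", "url": "https://app.example.test/login"},
        {"type": "change", "selectors": [["#username"]], "value": "scan-user"},
        {"type": "change", "selectors": [["#password"]], "value": "constructed-secret"},
        {"type": "click", "selectors": [["button[type=submit]"]]},
        {"type": "waitForElement", "selectors": [["#logout-link"]]},
    ],
})

def first_selector(step):
    """Best-effort name of the element a step targets ('?' if absent)."""
    sels = step.get("selectors") or ["?"]
    first = sels[0]
    return first if isinstance(first, str) else (first[0] if first else "?")

def lint_recording(raw):
    """Return (errors, typed_fields) for an exported recording passed as a JSON string."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"], []
    steps = doc.get("steps") if isinstance(doc, dict) else None
    if not isinstance(steps, list) or not steps:
        return ["no 'steps' array found"], []
    steps = [s for s in steps if isinstance(s, dict)]
    errors = []
    if not any(s.get("type") == "navigate" for s in steps):
        errors.append("no 'navigate' step: the flow never opens the login page")
    # 'change' steps keep whatever was typed, passwords included, in clear text.
    typed_fields = [(i, first_selector(s)) for i, s in enumerate(steps)
                    if s.get("type") == "change"]
    # Assumption: the check added with "Add Step After" is the final waitForElement step.
    last = steps[-1] if steps else {}
    if last.get("type") != "waitForElement" or not last.get("selectors"):
        errors.append("last step is not a 'waitForElement' post-login check")
    return errors, typed_fields

if __name__ == "__main__":
    errs, fields = lint_recording(SAMPLE_RECORDING)
    for idx, sel in fields:
        print(f"step {idx}: typed value stored in clear text for {sel}")
    print("OK" if not errs else "\n".join(errs))
```

Because the typed values appear in the export as-is, handle the saved JSON file as you would the credentials themselves.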

📘

Note

Before following the instructions below, ensure that your application and authenticated resources are accessible to the Bright engine, either directly from the Internet or via the Repeater.

Uploading recorded file to Bright

📘

Note

This topic describes only how to fill in the fields specific to recorded browser-based form authentication (the Setup tab). For general steps, see Creating Authentication.

  1. From the Authentication type dropdown list, select Recorded Browser-Based Form Authentication. The Upload Recorded File (JSON) link will appear at the bottom of the dialog window.

  2. Click the Upload Recorded File (JSON) link and upload the recording.

📘

Note

Bright allows testing a scan before saving it. For details, see Testing Authentication.

Configuring Custom Headers

The Bright app now allows users to manually add a custom header to browser-based form authentication, including the recorded variant. This lets users supply complex, non-standard headers so that protected resources can be tested.

📘

Note:

All existing templates, except those containing $faker, must have the auth_object context, if they do not already. To learn more about Faker.js data generator, see Generating mock data.

To use a custom header in the authorized requests, follow these steps:

  1. Go to the Advanced tab, open the Authorized requests setup, and click Add header.

  1. Fill in the header name: x-auth.
    There are two merge strategies:
    • Replace - replaces the value without duplication
    • Append - adds the value to the end of the page

Select Replace merge strategy to continue.

  1. Fill in header value: {{ auth_object.any_stage.request.headers | get: '/x-auth'}}.

Click Test Authentication to make sure that no errors are produced.