Page tree
Skip to end of metadata
Go to start of metadata

Last updated: Oct 17, 2019 09:42

To enhance the security of the traffic between automation scripts and the Perfecto Lab, Perfecto has instituted the use of a security token used by the different automation tools when activating the Perfecto Lab system. The security token is a unique cryptographic key assigned to an authorized user.

The security token becomes invalid only in the following cases:

  • The user generates a new security token. This prevents the use of outdated automation scripts that may have an old token included.
  • The token has not been used for a period of 3 months. This solves the problem of zombie tokens being used, for example when a user leaves the company.
  • The owner of the token is disabled or deactivated from the Perfecto Lab.

On this page:

Limitations:

  1. Use of the security token is not supported for On-Prem Perfecto Lab installations.
  2. Users who generated tokens prior to V19.6 (May 2019) will not be able to see previously generated tokens. The old token is still valid and can be used normally. Any newly generated tokens are shown normally.

The Perfecto security token system works properly with installations that support an external Identification Provider (IDP).

This section describes how to generate a token through the Perfecto UI and use it in your automation scripts. You can also generate a token via a public API.

To use the generated token in API calls, you need to include it in the header. For details, see Smart Reporting Public API > Headers.

Step 1 | Generate a security token

Perfecto generates the security token based on your personal Perfecto Lab credentials. If you use multiple Perfecto Labs, you need to generate a separate security token for each Perfecto Lab instance.

Note: Generating a new security token invalidates any existing token associated with your credentials. This means that you need to change the token in all the places it is used.

To generate a security token:

  1. In the Perfecto UI, click your user name and select My security token

  2. In the My security token form, click Generate Security Token.

  3. Click Copy to clipboard. Then paste it into any scripts that you want to run with Perfecto. See Use a security token in automation scripts below.

  4. Click Close.


Step 2 | Use the security token in automation scripts

For validation, automation scripts should use the tester's security token instead of the username and password. Whenever you generate a new token, you need to update it in all of your automation scripts.

You add the Perfecto Security Token to a Selenium/Appium automation script by using the Perfecto supported securityToken capability. This should replace the use of the user and password capabilities. For example:

//      capabilities.setCapability("user", args[1]);
//      capabilities.setCapability("password", args[2]);
		capabilities.setCapability("securityToken", "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1NTg2MjBmZi1lMTAyLTRlNDAtOTQwNy03Y2U2MzMzODMzYTgiLCJleHAiOjAsIm5iZiI6MCwiaWF0IjoxNDk0MjM1NjA1LCJpc3MiOiJodHRwczovL2F1dGguYXdzLXN0Zy5wZXJmZWN0b21vYmlsZS5jb20vYXV0aC9yZWFsbXMvcWF0ZXN0bGFiLXBlcmZlY3RvbW9iaWxlLWNvbSIsImF1ZCI6Im9mZmxpbmUtdG9rZW4tZ2VuZXJhdG9yIiwic3ViIjoiNDVjYmE3OTYtOGUxZS00MDZmLWJiODAtMTVhNTgxOGZmYzk3IiwidHlwIjoiT2ZmbGluZSIsImF6cCI6Im9mZmxpbmUtdG9rZW4tZ2VuZXJhdG9yIiwic2Vzc2lvbl9zdGF0ZSI6ImIxODU5Y2JiLWUwZGUtNDI4OS04NGYzLTdmZjY5ZGNhMWE2MyIsImNsaWVudF9zZXNzaW9uIjoiNGU3YjFhNGEtMmJhNi00ZTNmLWFkYzgtNmNkNjNhYTA1MGQ5IiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsInZpZXctcHJvZmlsZSJdfX19.UhkpFwRp5KnwEKr8uk08PuH0wIucdv-9_1dX8to0qcR_rMelEgn6E4US8vp-ZAJSIMiEsND49PTo3Fd_2IbHrGGcddQK4_dGy7dmHrtdt1_SOphu5QkJQgoqgzngNoJrTr1XPAiiTYsb1iRg3sGHywekMgMrUnoj3ecc-CoBTepiJpa-cd3Wc_zWf2EAuHReCNRvoaMpKN6YoMzrX39WQDR08PBMlTPN74oEMMzjIkavHb1TGRiVDuB-uDmrH2i822oDlg501k_llC8zisA7pWJkf03iYeAHitXPbQPOK8L4_qUV2BGPMY3Ul9prutsQIalYCHkgEQQU0IB_6CO6fQ");

If the security token is either incorrectly supplied (for example, missing some characters) or invalid, the script fails with a Perfecto Exception, resulting in the following message: "Access denied - cannot authenticate user"



Also in this section: