HTTP Basic Authentication
k6 supports HTTP Basic Auth in two ways:
Using URL credentials
Pass username and password directly in the URL:import http from "k6/http";
import { check } from "k6";
export default function() {
// Passing username and password as part of URL will authenticate using HTTP Basic Auth
let res = http.get("http://user:[email protected]/basic-auth/user/passwd");
// Verify response
check(res, {
"status is 200": (r) => r.status === 200,
"is authenticated": (r) => r.json().authenticated === true,
"is correct user": (r) => r.json().user === "user"
});
}
Using Authorization header
Manually create the Authorization header:import encoding from "k6/encoding";
import http from "k6/http";
import { check } from "k6";
export default function() {
// Alternatively you can create the header yourself to authenticate using HTTP Basic Auth
let res = http.get(
"http://httpbin.org/basic-auth/user/passwd",
{
headers: {
"Authorization": "Basic " + encoding.b64encode("user:passwd")
}
}
);
// Verify response
check(res, {
"status is 200": (r) => r.status === 200,
"is authenticated": (r) => r.json().authenticated === true,
"is correct user": (r) => r.json().user === "user"
});
}
HTTP Digest Authentication
For Digest Auth, pass credentials in the URL and add the auth: "digest" option:
import http from "k6/http";
import { check } from "k6";
export default function() {
// Passing username and password as part of URL plus the auth option will authenticate using HTTP Digest authentication
let res = http.get(
"http://user:[email protected]/digest-auth/auth/user/passwd",
{auth: "digest"}
);
// Verify response
check(res, {
"status is 200": (r) => r.status === 200,
"is authenticated": (r) => r.json().authenticated === true,
"is correct user": (r) => r.json().user === "user"
});
}
The auth: "digest" parameter tells k6 to use Digest authentication instead of Basic.
JWT Authentication
Create and verify JWT tokens using k6’s crypto module:
import crypto from "k6/crypto";
import encoding from "k6/encoding";
import {sleep} from "k6";
const algToHash = {
HS256: "sha256",
HS384: "sha384",
HS512: "sha512"
};
function sign(data, hashAlg, secret) {
let hasher = crypto.createHMAC(hashAlg, secret);
hasher.update(data);
// Some manual base64 rawurl encoding as `Hasher.digest(encodingType)`
// doesn't support that encoding type yet.
return hasher.digest("base64").replace(/\//g, "_").replace(/\+/g, "-").replace(/=/g, "");
}
function encode(payload, secret, algorithm) {
algorithm = algorithm || "HS256";
let header = encoding.b64encode(JSON.stringify({ typ: "JWT", alg: algorithm }), "rawurl");
payload = encoding.b64encode(JSON.stringify(payload), "rawurl", "s");
let sig = sign(header + "." + payload, algToHash[algorithm], secret);
return [header, payload, sig].join(".");
}
function decode(token, secret, algorithm) {
let parts = token.split('.');
let header = JSON.parse(encoding.b64decode(parts[0], "rawurl", "s"));
let payload = JSON.parse(encoding.b64decode(parts[1], "rawurl", "s"));
algorithm = algorithm || algToHash[header.alg];
if (sign(parts[0] + "." + parts[1], algorithm, secret) != parts[2]) {
throw Error("JWT signature verification failed");
}
return payload;
}
export default function() {
let message = { key2: "value2" };
let token = encode(message, "secret");
console.log("encoded", token);
let payload = decode(token, "secret");
console.log("decoded", JSON.stringify(payload));
sleep(1)
}
This example shows how to create, sign, and verify JWT tokens entirely within k6 without external libraries.