Networked Media Open Specifications

Testing IS-10 Authorization

←Usage - Testing BCP-003-01 TLS · Index↑ · Usage - Testing of SDP Files→

Most of the test suites can be run in a mode where authorization is required according to IS-10 / BCP-003-02. This is enabled by setting ENABLE_AUTH to True.

In this mode, every request which is made by the testing tool will include a JSON Web Token issued by the testing tool’s mock authorization server, which should grant it access to the API under test.

Test suites which include ‘mocks’, most notably the IS-04 Node API suite (which include a mock registry), also require valid Access Tokens to be presented to the mock APIs by the OAuth Client (Node or Controller) under test.

Note that whilst the testing tool does not prevent authorization testing from being carried out with ENABLE_HTTPS set to False, this is for debugging purposes only. Production environments must never use authorization without TLS.

There are a number of additional configuration parameters required depending on the OAuth 2.0 options used by the OAuth Client under test.

←Usage - Testing BCP-003-01 TLS · Index↑ · Usage - Testing of SDP Files→