For my project, I need to write a Jmeter script to performance test the Login functionality. It is using Azure AD B2C API for login.
In the network tab of Chrome, it shows that Microsoft is calling 3 APIs internally before it comes back to the Redirect page of the website.
GET oauth2/v2.0/authorize - We are able to simulate in Jmeter/Postman
POST SelfAsserted - This has my username and password in the Form Data. Not able to simulate in Jmeter/Postman
GET api/CombinedSigninAndSignup/confirmed - This is the last API from Microsoft which gets called.
The redirect page of my Application is called, it has a token in id_token field in Form data.
Could you please tell us, how the simulation for SelfAsserted and Confirmed call will work ? Whether its possible to simulate the exact flow or not. I have got many posts online about how to simulate Authorize call, but not finding enough material on SelfAsserted API call.