From 89fe864359783d51b86989c78f901b618f9ddbbe Mon Sep 17 00:00:00 2001 
From: Sachin-Mamoru Date: Tue, 28 May 2024 00:12:29 +0530 Subject: [PATCH] added unit test related to enhanced httpGet and httpPost functions --- .../pom.xml | 8 +- .../http/HTTPGetFunctionImplTest.java | 241 +++++++++++++++-- .../http/HTTPPostFunctionImplTest.java | 250 ++++++++++++++++-- .../http-get-test-auth-config-with-apikey.xml | 86 ++++++ ...p-get-test-auth-config-with-basicauth.xml} | 0 ...-get-test-auth-config-with-bearertoken.xml | 85 ++++++ ...test-auth-config-with-clientcredential.xml | 87 ++++++ ...ttp-post-test-auth-config-with-apikey.xml} | 0 ...p-post-test-auth-config-with-basicauth.xml | 89 +++++++ ...post-test-auth-config-with-bearertoken.xml | 88 ++++++ ...test-auth-config-with-clientcredential.xml | 90 +++++++ 11 files changed, 971 insertions(+), 53 deletions(-) create mode 100644 components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-apikey.xml rename components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/{http-get-test-auth-config.xml => http-get-test-auth-config-with-basicauth.xml} (100%) create mode 100644 components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-bearertoken.xml create mode 100644 components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-clientcredential.xml rename components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/{http-post-test-auth-config.xml => http-post-test-auth-config-with-apikey.xml} (100%) create mode 100644 
components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-basicauth.xml create mode 100644 components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-bearertoken.xml create mode 100644 components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-clientcredential.xml diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/pom.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.http/pom.xml index 977b0437..e9e954ab 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/pom.xml +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/pom.xml @@ -64,6 +64,10 @@ com.googlecode.json-simple.wso2 json-simple + + org.wso2.orbit.com.nimbusds + nimbus-jose-jwt + org.wso2.carbon.identity.framework @@ -103,10 +107,6 @@ msf4j-core test - - org.wso2.orbit.com.nimbusds - nimbus-jose-jwt - org.wso2.carbon.identity.framework org.wso2.carbon.identity.central.log.mgt diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPGetFunctionImplTest.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPGetFunctionImplTest.java index c18ea294..8c2e5f44 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPGetFunctionImplTest.java 
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPGetFunctionImplTest.java @@ -17,6 +17,16 @@ package org.wso2.carbon.identity.conditional.auth.functions.http; +import com.nimbusds.jose.JOSEException; +import com.nimbusds.jose.JOSEObjectType; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.crypto.RSASSASigner; +import com.nimbusds.jose.jwk.KeyUse; +import com.nimbusds.jose.jwk.RSAKey; +import com.nimbusds.jose.jwk.gen.RSAKeyGenerator; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.SignedJWT; import org.testng.annotations.AfterClass; import org.testng.annotations.AfterMethod; import org.testng.annotations.BeforeClass; @@ -42,14 +52,19 @@ import org.wso2.carbon.identity.conditional.auth.functions.test.utils.sequence.JsTestException; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; +import java.util.Date; +import java.time.Instant; import java.util.HashMap; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.Consumes; +import javax.ws.rs.FormParam; import javax.ws.rs.GET; import javax.ws.rs.HeaderParam; import javax.ws.rs.Path; +import javax.ws.rs.POST; import javax.ws.rs.Produces; import static org.mockito.Matchers.any; 
@@ -67,13 +82,20 @@ public class HTTPGetFunctionImplTest extends JsSequenceHandlerAbstractTest { private static final String TEST_SP_CONFIG = "http-get-test-sp.xml"; private static final String TEST_HEADERS = "http-get-test-headers.xml"; - private static final String TEST_AUTH_CONFIG = "http-get-test-auth-config.xml"; + private static final String TEST_AUTH_CONFIG_WITH_BASICAUTH = "http-get-test-auth-config-with-basicauth.xml"; + private static final String TEST_AUTH_CONFIG_WITH_APIKEY = "http-get-test-auth-config-with-apikey.xml"; + private static final String TEST_AUTH_CONFIG_WITH_BEARERTOKEN = "http-get-test-auth-config-with-bearertoken.xml"; + private static final String TEST_AUTH_CONFIG_WITH_CLIENTCREDENTIAL = "http-get-test-auth-config-with" + + "-clientcredential.xml"; private static final String TENANT_DOMAIN = "carbon.super"; private static final String STATUS = "status"; private static final String SUCCESS = "SUCCESS"; private static final String FAILED = "FAILED"; + private static final String TOKEN_ENDPOINT_SUCCESS = "success"; + private static final String TOKEN_ENDPOINT_FAILURE = "failure"; private static final String ALLOWED_DOMAIN = "abc"; private static final String AUTHORIZATION = "Authorization"; + private static final String API_KEY_HEADER = "X-API-KEY"; private HTTPGetFunctionImpl httpGetFunction; @InjectMicroservicePort @@ -113,8 +135,7 @@ protected void tearDownMethod() { @Test public void testHttpGetMethod() throws JsTestException { - String requestUrl = getRequestUrl("dummy-get"); - String result = executeHttpGetFunction(requestUrl, TEST_SP_CONFIG); + String result = executeHttpGetFunction("dummy-get", TEST_SP_CONFIG); assertEquals(result, SUCCESS, "The http get request was not successful. Result from request: " + result); } 
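Review bot: `TOKEN_ENDPOINT_SUCCESS` and `TOKEN_ENDPOINT_FAILURE` are added to the constants of HTTPGetFunctionImplTest, but no hunk shown here reads them, so they look like leftovers from a token-endpoint failure case that was never written. Either drop them or use them in a test that drives the dummy token endpoint down its failure branch. `TEST_AUTH_CONFIG_WITH_CLIENTCREDENTIAL` is also built from two concatenated literals here, while the same constant in HTTPPostFunctionImplTest is a single literal; one form in both files keeps the resource name searchable.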
@@ -124,15 +145,14 @@ public void testHttpGetMethodUrlValidation() throws JsTestException, NoSuchField sequenceHandlerRunner.registerJsFunction("httpGet", new HTTPGetFunctionImpl()); setAllowedDomain(ALLOWED_DOMAIN); - String requestUrl = getRequestUrl("dummy-get"); - String result = executeHttpGetFunction(requestUrl, TEST_SP_CONFIG); + String result = executeHttpGetFunction("dummy-get", TEST_SP_CONFIG); assertEquals(result, FAILED, "The http get request should fail but it was successful. Result from request: " + result); } /** - * Test http get method with headers. + * Test httpGet method with headers. * Check if the headers are sent with the request. * * @throws JsTestException 
@@ -140,25 +160,73 @@ public void testHttpGetMethodUrlValidation() throws JsTestException, NoSuchField @Test public void testHttpGetMethodWithHeaders() throws JsTestException { - String requestUrl = getRequestUrl("dummy-get-with-headers"); - String result = executeHttpGetFunction(requestUrl, TEST_HEADERS); + String result = executeHttpGetFunction("dummy-get-with-headers", TEST_HEADERS); assertEquals(result, SUCCESS, "The http get request was not successful. Result from request: " + result); } /** - * Test http get method with auth config. + * Test httpGet method with basicauth auth config. * Check if the auth config is applied to the request. * * @throws JsTestException */ @Test - public void testHttpGetMethodWithAuthConfig() throws JsTestException { + public void testHttpGetMethodWithBasicAuthAuthConfig() throws JsTestException { - String requestUrl = getRequestUrl("dummy-get-with-auth-config"); - String result = executeHttpGetFunction(requestUrl, TEST_AUTH_CONFIG); + String result = executeHttpGetFunction("dummy-get-with-basicauth-auth-config", TEST_AUTH_CONFIG_WITH_BASICAUTH); - assertEquals(result, SUCCESS, "The http get request was not successful. Result from request: " + result); + assertEquals(result, SUCCESS, + "The http get request was not successful with basicauth auth config. Result from request: " + + result); + } + + /** + * Test httpGet method with apikey auth config. + * Check if the auth config is applied to the request. + * + * @throws JsTestException + */ + @Test + public void testHttpGetMethodWithApiKeyAuthAuthConfig() throws JsTestException { + + String result = executeHttpGetFunction("dummy-get-with-apikey-auth-config", TEST_AUTH_CONFIG_WITH_APIKEY); + + assertEquals(result, SUCCESS, + "The http get request was not successful with apikey auth config. Result from request: " + + result); + } + + /** + * Test httpGet method with bearertoken auth config. + * Check if the auth config is applied to the request. 
+ * + * @throws JsTestException + */ + @Test + public void testHttpGetMethodWithBearerTokenAuthConfig() throws JsTestException { + + String result = executeHttpGetFunction("dummy-get-with-bearertoken-auth-config", TEST_AUTH_CONFIG_WITH_BEARERTOKEN); + + assertEquals(result, SUCCESS, + "The http get request was not successful with bearertoken auth config. Result from request: " + + result); + } + + /** + * Test httpGet method with clientcredential auth config. + * Check if the auth config is applied to the request. + * + * @throws JsTestException + */ + @Test + public void testHttpGetMethodWithClientCredentialAuthConfig() throws JsTestException { + + String result = executeHttpGetFunction("dummy-get-with-clientcredential-auth-config", TEST_AUTH_CONFIG_WITH_CLIENTCREDENTIAL); + + assertEquals(result, SUCCESS, + "The http get request was not successful with clientcredential auth config. Result from request: " + + result); } /** @@ -199,10 +267,10 @@ private String getRequestUrl(String path) { return "http://localhost:" + microServicePort + "/" + path; } - private String executeHttpGetFunction(String requestUrl, String adaptiveAuthScript) throws JsTestException { + private String executeHttpGetFunction(String path, String adaptiveAuthScript) throws JsTestException { ServiceProvider sp = sequenceHandlerRunner.loadServiceProviderFromResource(adaptiveAuthScript, this); - updateSPAuthScriptRequestUrl(sp, requestUrl); + updateSPAuthScriptRequestUrl(sp, path); AuthenticationContext context = sequenceHandlerRunner.createAuthenticationContext(sp); SequenceConfig sequenceConfig = sequenceHandlerRunner.getSequenceConfig(context, sp); 
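Review bot: The four auth-config tests added in the `@@ -140,25 +160,73 @@` hunk (`testHttpGetMethodWithBasicAuthAuthConfig` through `testHttpGetMethodWithClientCredentialAuthConfig`) assert only the `SUCCESS` outcome, so they cover the request plumbing but not what happens when a credential is missing or wrong. A failure-path case per auth type, asserting `FAILED` when the expected header is absent or malformed, would make them guard the credential handling itself. `testHttpGetMethodWithApiKeyAuthAuthConfig` also repeats "Auth"; `testHttpGetMethodWithApiKeyAuthConfig` matches the sibling names. The same applies to the httpPost tests in the `@@ -142,25 +156,76 @@` hunk of HTTPPostFunctionImplTest.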
@@ -219,18 +287,64 @@ private String executeHttpGetFunction(String requestUrl, String adaptiveAuthScri return context.getSelectedAcr(); } - private void updateSPAuthScriptRequestUrl(ServiceProvider sp, String url) { + private void updateSPAuthScriptRequestUrl(ServiceProvider sp, String path) { LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig = sp.getLocalAndOutBoundAuthenticationConfig(); AuthenticationScriptConfig authenticationScriptConfig = localAndOutboundAuthenticationConfig .getAuthenticationScriptConfig(); String script = authenticationScriptConfig.getContent(); - authenticationScriptConfig.setContent(String.format(script, url)); + authenticationScriptConfig.setContent(getFormattedScript(script, path)); localAndOutboundAuthenticationConfig.setAuthenticationScriptConfig(authenticationScriptConfig); sp.setLocalAndOutBoundAuthenticationConfig(localAndOutboundAuthenticationConfig); } + private String getFormattedScript(String script, String path) { + switch (path) { + case "dummy-get": + return String.format(script, getRequestUrl("dummy-get")); + case "dummy-get-with-headers": + return String.format(script, getRequestUrl("dummy-get-with-headers")); + case "dummy-get-with-basicauth-auth-config": + return String.format(script, getRequestUrl("dummy-get-with-basicauth-auth-config")); + case "dummy-get-with-apikey-auth-config": + return String.format(script, getRequestUrl("dummy-get-with-apikey-auth-config")); + case "dummy-get-with-bearertoken-auth-config": + return String.format(script, getRequestUrl("dummy-get-with-bearertoken-auth-config")); + case "dummy-get-with-clientcredential-auth-config": + return String.format(script, getRequestUrl("dummy-get-with-clientcredential-auth-config"), + getRequestUrl("dummy-token-endpoint")); + default: + return null; + } + } + + /** + * Generates a JSON Web Token for testing purposes. 
+ */ + private String generateTestAccessToken() throws JOSEException { + + Instant instant = Instant.now().plusSeconds(3600); + RSAKey senderJWK = new RSAKeyGenerator(2048) + .keyID("123") + .keyUse(KeyUse.SIGNATURE) + .generate(); + JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256) + .type(JOSEObjectType.JWT) + .keyID("MWQ5NWUwYWZiMmMzZTIzMzdmMzBhMWM4YjQyMjVhNWM4NjhkMGRmNzFlMGI3ZDlmYmQzNmEyMzhhYjBiNmZhYw_RS256") + .build(); + JWTClaimsSet payload = new JWTClaimsSet.Builder() + .issuer("https://test/oauth2/token") + .audience("3ENOyHzZtwaP54apEjuV5H31Q_gb") + .subject("0aac3d44-b5tf-4641-8902-7af8713364f8") + .expirationTime(Date.from(instant)) + .build(); + + SignedJWT signedJWT = new SignedJWT(header, payload); + signedJWT.sign(new RSASSASigner(senderJWK)); + return signedJWT.serialize(); + } + @GET @Path("/dummy-get") @Produces("application/json") @@ -256,17 +370,16 @@ public Map dummyGetWithHeaders(@HeaderParam(AUTHORIZATION) Strin } /** - * Dummy endpoint to test the http get function with auth config. + * Dummy endpoint to test the http get function with basicauth auth config. * * @param authorization Authorization header value. * @return Response. */ @GET - @Path("/dummy-get-with-auth-config") + @Path("/dummy-get-with-basicauth-auth-config") @Produces("application/json") - public Map dummyGetWithAuthConfig(@HeaderParam(AUTHORIZATION) String authorization) { + public Map dummyGetWithBasicAuthAuthConfig(@HeaderParam(AUTHORIZATION) String authorization) { - System.out.println("Authorization123: " + authorization); Map response = new HashMap<>(); if (authorization != null) { response.put(STATUS, SUCCESS); 
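Review bot: `getFormattedScript` returns `null` from its `default` branch, so a mistyped path reaches `setContent(null)` and the test fails later with an unrelated error instead of at the typo. Every case except the client-credential one is the same `String.format(script, getRequestUrl(path))` call, so the switch can collapse to one special case plus the general form, as below. `generateTestAccessToken` signs with a freshly generated key whose `keyID("123")` differs from the `keyID` in the JWS header; that is harmless while nothing verifies the token, but it deserves a one-line comment saying the signature is not meant to be validated. Both helpers are duplicated verbatim in the `@@ -225,18 +290,64 @@` hunk of HTTPPostFunctionImplTest, so a shared test utility would avoid the second copy.

```java
private String getFormattedScript(String script, String path) {

    if ("dummy-get-with-clientcredential-auth-config".equals(path)) {
        // This script takes the token endpoint URL as a second format argument.
        return String.format(script, getRequestUrl(path), getRequestUrl("dummy-token-endpoint"));
    }
    return String.format(script, getRequestUrl(path));
}
// … unchanged: generateTestAccessToken …
```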
@@ -275,4 +388,90 @@ public Map dummyGetWithAuthConfig(@HeaderParam(AUTHORIZATION) St } return response; } + + /** + * Dummy endpoint to test the http get function with apikey auth config. + * + * @param apikeyHeader apikey header value. + * @return Response. + */ + @GET + @Path("/dummy-get-with-apikey-auth-config") + @Produces("application/json") + public Map dummyGetWithApiKeyAuthConfig(@HeaderParam(API_KEY_HEADER) String apikeyHeader) { + + Map response = new HashMap<>(); + if (apikeyHeader != null) { + response.put(STATUS, SUCCESS); + } else { + response.put(STATUS, FAILED); + } + return response; + } + + /** + * Dummy endpoint to test the http get function with bearertoken auth config. + * + * @param authorization authorization header value. + * @return Response. + */ + @GET + @Path("/dummy-get-with-bearertoken-auth-config") + @Produces("application/json") + public Map dummyGetWithBearerTokenAuthConfig(@HeaderParam(AUTHORIZATION) String authorization) { + + Map response = new HashMap<>(); + if (authorization.startsWith("Bearer")) { + response.put(STATUS, SUCCESS); + } else { + response.put(STATUS, FAILED); + } + return response; + } + + /** + * Dummy endpoint to test the http get function with clientcredential auth config. + * + * @param authorization authorization header value. + * @return Response. + */ + @GET + @Path("/dummy-get-with-clientcredential-auth-config") + @Produces("application/json") + public Map dummyGetWithClientCredentialAuthConfig(@HeaderParam(AUTHORIZATION) String authorization) { + + Map response = new HashMap<>(); + if (authorization.startsWith("Bearer")) { + response.put(STATUS, SUCCESS); + } else { + response.put(STATUS, FAILED); + } + return response; + } + + /** + * Dummy token endpoint to test the http get function with clientcredential auth config. + * + * @param authorization authorization header value. + * @return Response. 
+ */ + @POST + @Path("/dummy-token-endpoint") + @Consumes("application/x-www-form-urlencoded") + @Produces("application/json") + public Map dummyTokenEndpoint(@HeaderParam("Authorization") String authorization, + @FormParam("grant_type") String grantType) throws JOSEException { + + Map response = new HashMap<>(); + if (grantType.equals("client_credentials")) { + response.put("access_token", generateTestAccessToken()); + response.put("scope", "default"); + response.put("token_type", "Bearer"); + response.put("expires_in", "3600"); + return response; + } else { + response.put(STATUS, FAILED); + } + return response; + } } diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPPostFunctionImplTest.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPPostFunctionImplTest.java index 203ca487..050fe629 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPPostFunctionImplTest.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPPostFunctionImplTest.java @@ -17,6 +17,16 @@ package org.wso2.carbon.identity.conditional.auth.functions.http; +import com.nimbusds.jose.JOSEException; +import com.nimbusds.jose.JOSEObjectType; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.crypto.RSASSASigner; +import com.nimbusds.jose.jwk.KeyUse; +import com.nimbusds.jose.jwk.RSAKey; +import com.nimbusds.jose.jwk.gen.RSAKeyGenerator; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.SignedJWT; import org.testng.annotations.AfterClass; import org.testng.annotations.AfterMethod; import org.testng.annotations.BeforeClass; 
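Review bot: In `dummyGetWithBearerTokenAuthConfig` and `dummyGetWithClientCredentialAuthConfig` (HTTPGetFunctionImplTest, hunk `@@ -275,4 +388,90 @@`), a request without an Authorization header throws a NullPointerException at `authorization.startsWith("Bearer")` instead of answering `FAILED`; `if (authorization != null && authorization.startsWith("Bearer "))` keeps the failure branch reachable. `dummyTokenEndpoint` has the same problem with `grantType.equals(...)`, which `"client_credentials".equals(grantType)` avoids. It also never reads its `authorization` parameter, so the client-credential test passes even if httpGet sends no client id and secret to the token endpoint. Checking that parameter against the values in the test auth config would close the gap, assuming the function sends them in that header, and the Javadoc should gain `@param grantType`. The POST endpoints in the `@@ -296,4 +424,70 @@` hunk of HTTPPostFunctionImplTest repeat all of this.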
@@ -42,12 +52,15 @@ import org.wso2.carbon.identity.conditional.auth.functions.test.utils.sequence.JsTestException; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; +import java.util.Date; +import java.time.Instant; import java.util.HashMap; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.ws.rs.Consumes; +import javax.ws.rs.FormParam; import javax.ws.rs.HeaderParam; import javax.ws.rs.Path; import javax.ws.rs.POST; @@ -68,7 +81,10 @@ public class HTTPPostFunctionImplTest extends JsSequenceHandlerAbstractTest { private static final String TEST_SP_CONFIG = "http-post-test-sp.xml"; private static final String TEST_HEADERS = "http-post-test-headers.xml"; - private static final String TEST_AUTH_CONFIG = "http-post-test-auth-config.xml"; + private static final String TEST_AUTH_CONFIG_WITH_APIKEY = "http-post-test-auth-config-with-apikey.xml"; + private static final String TEST_AUTH_CONFIG_WITH_BEARERTOKEN = "http-post-test-auth-config-with-bearertoken.xml"; + private static final String TEST_AUTH_CONFIG_WITH_BASICAUTH = "http-post-test-auth-config-with-basicauth.xml"; + private static final String TEST_AUTH_CONFIG_WITH_CLIENTCREDENTIAL = "http-post-test-auth-config-with-clientcredential.xml"; private static final String TENANT_DOMAIN = "carbon.super"; private static final String STATUS = "status"; private static final String SUCCESS = "SUCCESS"; @@ -116,8 +132,7 @@ protected void tearDownTest() { @Test public void testHttpPostMethod() throws JsTestException { - String requestUrl = getRequestUrl("dummy-post"); - String result = executeHttpPostFunction(requestUrl, TEST_SP_CONFIG); + String result = executeHttpPostFunction("dummy-post", TEST_SP_CONFIG); assertEquals(result, SUCCESS, "The http post request was not successful. Result from request: " + result); } 
@@ -126,8 +141,7 @@ public void testHttpPostMethod() throws JsTestException { public void testHttpPostMethodUrlValidation() throws JsTestException, NoSuchFieldException, IllegalAccessException { setAllowedDomain(ALLOWED_DOMAIN); - String requestUrl = getRequestUrl("dummy-post"); - String result = executeHttpPostFunction(requestUrl, TEST_SP_CONFIG); + String result = executeHttpPostFunction("dummy-post", TEST_SP_CONFIG); assertEquals(result, FAILED, "The http post request should fail but it was successful. Result from request: " + result); 
@@ -142,25 +156,76 @@ public void testHttpPostMethodUrlValidation() throws JsTestException, NoSuchFiel @Test public void testHttpPostWithHeaders() throws JsTestException { - String requestUrl = getRequestUrl("dummy-post-headers"); - String result = executeHttpPostFunction(requestUrl, TEST_HEADERS); + String result = executeHttpPostFunction("dummy-post-with-headers", TEST_HEADERS); assertEquals(result, SUCCESS, "The http post request was not successful. Result from request: " + result); } /** - * Test httpPost with auth config. - * Check if the auth config is sent with the request. + * Test httpPost method with basicauth auth config. + * Check if the auth config is applied to the request. * * @throws JsTestException */ @Test - public void testHttpPostWithAuthConfig() throws JsTestException { + public void testHttpPostMethodWithBasicAuthAuthConfig() throws JsTestException { - String requestUrl = getRequestUrl("dummy-post-auth-config"); - String result = executeHttpPostFunction(requestUrl, TEST_AUTH_CONFIG); - assertEquals(result, SUCCESS, "The http post request was not successful. Result from request: " - + result); + String result = executeHttpPostFunction("dummy-post-with-basicauth-auth-config", + TEST_AUTH_CONFIG_WITH_BASICAUTH); + + assertEquals(result, SUCCESS, + "The http post request was not successful with basicauth auth config. Result from request: " + + result); + } + + /** + * Test httpPost method with apikey auth config. + * Check if the auth config is applied to the request. + * + * @throws JsTestException + */ + @Test + public void testHttpPostMethodWithApiKeyAuthAuthConfig() throws JsTestException { + + String result = executeHttpPostFunction("dummy-post-with-apikey-auth-config", TEST_AUTH_CONFIG_WITH_APIKEY); + + assertEquals(result, SUCCESS, + "The http post request was not successful with apikey auth config. Result from request: " + + result); + } + + /** + * Test httpPost method with bearertoken auth config. 
+ * Check if the auth config is applied to the request. + * + * @throws JsTestException + */ + @Test + public void testHttpPostMethodWithBearerTokenAuthConfig() throws JsTestException { + + String result = executeHttpPostFunction("dummy-post-with-bearertoken-auth-config", + TEST_AUTH_CONFIG_WITH_BEARERTOKEN); + + assertEquals(result, SUCCESS, + "The http post request was not successful with bearertoken auth config. Result from request: " + + result); + } + + /** + * Test httpPost method with clientcredential auth config. + * Check if the auth config is applied to the request. + * + * @throws JsTestException + */ + @Test + public void testHttpPostMethodWithClientCredentialAuthConfig() throws JsTestException { + + String result = executeHttpPostFunction("dummy-post-with-clientcredential-auth-config", + TEST_AUTH_CONFIG_WITH_CLIENTCREDENTIAL); + + assertEquals(result, SUCCESS, + "The http post request was not successful with clientcredential auth config. Result from request: " + + result); } /** @@ -205,10 +270,10 @@ private String getRequestUrl(String path) { return "http://localhost:" + microServicePort + "/" + path; } - private String executeHttpPostFunction(String requestUrl, String adaptiveAuthScript) throws JsTestException { + private String executeHttpPostFunction(String path, String adaptiveAuthScript) throws JsTestException { ServiceProvider sp = sequenceHandlerRunner.loadServiceProviderFromResource(adaptiveAuthScript, this); - updateSPAuthScriptRequestUrl(sp, requestUrl); + updateSPAuthScriptRequestUrl(sp, path); AuthenticationContext context = sequenceHandlerRunner.createAuthenticationContext(sp); SequenceConfig sequenceConfig = sequenceHandlerRunner.getSequenceConfig(context, sp); 
@@ -225,18 +290,64 @@ private String executeHttpPostFunction(String requestUrl, String adaptiveAuthScr return context.getSelectedAcr(); } - private void updateSPAuthScriptRequestUrl(ServiceProvider sp, String url) { + private void updateSPAuthScriptRequestUrl(ServiceProvider sp, String path) { LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig = sp.getLocalAndOutBoundAuthenticationConfig(); AuthenticationScriptConfig authenticationScriptConfig = localAndOutboundAuthenticationConfig .getAuthenticationScriptConfig(); String script = authenticationScriptConfig.getContent(); - authenticationScriptConfig.setContent(String.format(script, url)); + authenticationScriptConfig.setContent(getFormattedScript(script, path)); localAndOutboundAuthenticationConfig.setAuthenticationScriptConfig(authenticationScriptConfig); sp.setLocalAndOutBoundAuthenticationConfig(localAndOutboundAuthenticationConfig); } + private String getFormattedScript(String script, String path) { + switch (path) { + case "dummy-post": + return String.format(script, getRequestUrl("dummy-post")); + case "dummy-post-with-headers": + return String.format(script, getRequestUrl("dummy-post-with-headers")); + case "dummy-post-with-basicauth-auth-config": + return String.format(script, getRequestUrl("dummy-post-with-basicauth-auth-config")); + case "dummy-post-with-apikey-auth-config": + return String.format(script, getRequestUrl("dummy-post-with-apikey-auth-config")); + case "dummy-post-with-bearertoken-auth-config": + return String.format(script, getRequestUrl("dummy-post-with-bearertoken-auth-config")); + case "dummy-post-with-clientcredential-auth-config": + return String.format(script, getRequestUrl("dummy-post-with-clientcredential-auth-config"), + getRequestUrl("dummy-token-endpoint")); + default: + return null; + } + } + + /** + * Generates a JSON Web Token for testing purposes. 
+ */ + private String generateTestAccessToken() throws JOSEException { + + Instant instant = Instant.now().plusSeconds(3600); + RSAKey senderJWK = new RSAKeyGenerator(2048) + .keyID("123") + .keyUse(KeyUse.SIGNATURE) + .generate(); + JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256) + .type(JOSEObjectType.JWT) + .keyID("MWQ5NWUwYWZiMmMzZTIzMzdmMzBhMWM4YjQyMjVhNWM4NjhkMGRmNzFlMGI3ZDlmYmQzNmEyMzhhYjBiNmZhYw_RS256") + .build(); + JWTClaimsSet payload = new JWTClaimsSet.Builder() + .issuer("https://test/oauth2/token") + .audience("3ENOyHzZtwaP54apEjuV5H31Q_gb") + .subject("0aac3d44-b5tf-4641-8902-7af8713364f8") + .expirationTime(Date.from(instant)) + .build(); + + SignedJWT signedJWT = new SignedJWT(header, payload); + signedJWT.sign(new RSASSASigner(senderJWK)); + return signedJWT.serialize(); + } + @POST @Path("/dummy-post") @Produces("application/json") @@ -260,7 +371,7 @@ public Map dummyPost(Map data) { * @return */ @POST - @Path("/dummy-post-headers") + @Path("/dummy-post-with-headers") @Produces("application/json") @Consumes("application/json") public Map dummyPostWithHeaders(@HeaderParam(AUTHORIZATION) String authorization, Map data) { 
@@ -275,18 +386,35 @@ public Map dummyPostWithHeaders(@HeaderParam(AUTHORIZATION) Stri } /** - * Dummy post method to test auth config. - * Check if the auth config is sent with the request. - * @param apikeyHeader - * @param data - * @return + * Dummy endpoint to test the http post function with basicauth auth config. + * + * @param authorization Authorization header value. + * @return Response. */ @POST - @Path("/dummy-post-auth-config") + @Path("/dummy-post-with-basicauth-auth-config") @Produces("application/json") - @Consumes("application/json") - public Map dummyPostWithAuthConfig(@HeaderParam(API_KEY_HEADER) String apikeyHeader, - Map data) { + public Map dummyPostWithBasicAuthAuthConfig(@HeaderParam(AUTHORIZATION) String authorization, Map data) { + + Map response = new HashMap<>(); + if (data.containsKey(EMAIL) && authorization != null) { + response.put(STATUS, SUCCESS); + } else { + response.put(STATUS, FAILED); + } + return response; + } + + /** + * Dummy endpoint to test the http post function with apikey auth config. + * + * @param apikeyHeader apikey header value. + * @return Response. + */ + @POST + @Path("/dummy-post-with-apikey-auth-config") + @Produces("application/json") + public Map dummyPostWithApiKeyAuthConfig(@HeaderParam(API_KEY_HEADER) String apikeyHeader, Map data) { Map response = new HashMap<>(); if (data.containsKey(EMAIL) && apikeyHeader != null) { 
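Review bot: The new `dummyPostWithBasicAuthAuthConfig` and `dummyPostWithApiKeyAuthConfig` still take a `Map data` body but no longer carry `@Consumes("application/json")`, which this hunk removes from the old endpoint and which `dummyPostWithHeaders` keeps. Unless the framework is known to bind the body without it, restore `@Consumes("application/json")` on both; the bearer-token and client-credential POST endpoints in the following hunk lack it as well. `data.containsKey(EMAIL)` is also evaluated before the header check, so an unbound body surfaces as a NullPointerException rather than `FAILED`. The Javadoc of both methods drops the body parameter and should get `@param data Request body.` back. The body of `dummyPostWithApiKeyAuthConfig` continues outside the hunk.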
@@ -296,4 +424,70 @@ public Map dummyPostWithAuthConfig(@HeaderParam(API_KEY_HEADER) } return response; } + + /** + * Dummy endpoint to test the http post function with bearertoken auth config. + * + * @param authorization authorization header value. + * @return Response. + */ + @POST + @Path("/dummy-post-with-bearertoken-auth-config") + @Produces("application/json") + public Map dummyPostWithBearerTokenAuthConfig(@HeaderParam(AUTHORIZATION) String authorization, Map data) { + + Map response = new HashMap<>(); + if (data.containsKey(EMAIL) && authorization.startsWith("Bearer")) { + response.put(STATUS, SUCCESS); + } else { + response.put(STATUS, FAILED); + } + return response; + } + + /** + * Dummy endpoint to test the http post function with clientcredential auth config. + * + * @param authorization authorization header value. + * @return Response. + */ + @POST + @Path("/dummy-post-with-clientcredential-auth-config") + @Produces("application/json") + public Map dummyPostWithClientCredentialAuthConfig(@HeaderParam(AUTHORIZATION) String authorization, Map data) { + + Map response = new HashMap<>(); + if (data.containsKey(EMAIL) && authorization.startsWith("Bearer")) { + response.put(STATUS, SUCCESS); + } else { + response.put(STATUS, FAILED); + } + return response; + } + + /** + * Dummy token endpoint to test the http post function with clientcredential auth config. + * + * @param authorization authorization header value. + * @return Response. 
+ */ + @POST + @Path("/dummy-token-endpoint") + @Consumes("application/x-www-form-urlencoded") + @Produces("application/json") + public Map dummyTokenEndpoint(@HeaderParam("Authorization") String authorization, + @FormParam("grant_type") String grantType) throws JOSEException { + + Map response = new HashMap<>(); + if (grantType.equals("client_credentials")) { + response.put("access_token", generateTestAccessToken()); + response.put("scope", "default"); + response.put("token_type", "Bearer"); + response.put("expires_in", "3600"); + return response; + } else { + response.put(STATUS, FAILED); + } + return response; + } } diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-apikey.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-apikey.xml new file mode 100644 index 00000000..da7b352b --- /dev/null +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-apikey.xml @@ -0,0 +1,86 @@ + + + + 1 + default + Default Service Provider + + + + default + + + + + + + + + 1 + + + BasicMockAuthenticator + basicauth + true + + + true + true + + + + flow + + + + + + true + + + 
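Review bot: In the Java hunk that adds the bearer-token and client-credential endpoints, `authorization.startsWith("Bearer")` dereferences a header that is null when the request carries no `Authorization`, so a regression that drops the header surfaces as a server error instead of the FAILED status the test reads. Use `authorization != null && authorization.startsWith("Bearer ")` in both `dummyPostWithBearerTokenAuthConfig` and `dummyPostWithClientCredentialAuthConfig`, and `"client_credentials".equals(grantType)` in `dummyTokenEndpoint`. `dummyTokenEndpoint` also never reads its `authorization` parameter, so the client-credential test does not confirm that the client id and secret reach the token endpoint. The resource endpoint accepts any value with the `Bearer` prefix rather than the token that was issued, which leaves the token hand-off itself unverified.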
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-basicauth.xml similarity index 100% rename from components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config.xml rename to components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-basicauth.xml diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-bearertoken.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-bearertoken.xml new file mode 100644 index 00000000..1c7436dc --- /dev/null +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-bearertoken.xml @@ -0,0 +1,85 @@ + + + + 1 + default + Default Service Provider + + + + default + + + + + + + + + 1 + + + BasicMockAuthenticator + basicauth + true + + + true + true + + + + flow + + + + + + true + + + 
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-clientcredential.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-clientcredential.xml new file mode 100644 index 00000000..80399a8c --- /dev/null +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-get-test-auth-config-with-clientcredential.xml @@ -0,0 +1,87 @@ + + + + 1 + default + Default Service Provider + + + + default + + + + + + + + + 1 + + + BasicMockAuthenticator + basicauth + true + + + true + true + + + + flow + + + + + + true + + + diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-apikey.xml similarity index 100% rename from components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config.xml rename to components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-apikey.xml 
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-basicauth.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-basicauth.xml new file mode 100644 index 00000000..e4a12d84 --- /dev/null +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-basicauth.xml @@ -0,0 +1,89 @@ + + + + 1 + default + Default Service Provider + + + + default + + + + + + + + + 1 + + + BasicMockAuthenticator + basicauth + true + + + true + true + + + + flow + + + + + + true + + + diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-bearertoken.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-bearertoken.xml new file mode 100644 index 00000000..ecd277f7 --- /dev/null +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-bearertoken.xml @@ -0,0 +1,88 @@ + + + + 1 + default + Default Service Provider + + + + default + + + + + + + + + 1 + + + BasicMockAuthenticator + basicauth + true + + + true + true + + + + flow + + + + + + true + + + 
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-clientcredential.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-clientcredential.xml new file mode 100644 index 00000000..16374316 --- /dev/null +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/resources/org/wso2/carbon/identity/conditional/auth/functions/http/http-post-test-auth-config-with-clientcredential.xml @@ -0,0 +1,90 @@ + + + + 1 + default + Default Service Provider + + + + default + + + + + + + + + 1 + + + BasicMockAuthenticator + basicauth + true + + + true + true + + + + flow + + + + + + true + + +