Just like in any other framework we have properties files that hold all the configuration variables. Karate expects a file called karate-config.js to exist in the classpath and contains a function JavaScript. This function is expected to return the JSON object, and that all keys and values for that JSON object will be available as script variables
The below function calls a feature file Authenticate. feature and sets the authTime and authToken values. You can use this file to set other common variables as Environment, AppID, AppSecret etc.

function fn() {    
var env = karate.env;  karate.log('karate.env system property was:', env); 
if (!env) {     env = 'dev'; 
// a custom 'intelligent' default   
}  var config = { 
// base config JSON     appId: '12344',     appSecret: '12345',     username:'xx.github.com',     
authURL: 'https://yourAuthURL/oauth2/v2.0',     
appURL: 'https://ApplicationURL' 
//get called once and store the result in the 'result'     result=karate.callsingle('classpath:authentication/Authenticate.feature',config); 
if (karate.env != 'mock' && karate.env != 'proxy' && karate.env != 'contract') 
// 'callSingle' is guaranteed to run only once even across all threads 
// and it sets a variable called 'authInfo' used in headers-single.feature 
config.authInfo = { 
authTime: result.time, authToken: result.access_token };   
return config;  

The Authentication.feature file that generate the AuthToken and AuthTime.This feature file is getting called in the above karate-config.js file and sets the authTime and authToken variables in the karate-config.js file.Since the Authentication should be done only once per session the Authentication.Feature file is called using method karate.callsingle.This method makes sure that the passed file is called only once per session.

Feature: Implicit Auth

* url authURL

Scenario: Verify the user details using OAuth2 Implicit grant type

* path 'token'
* form field grant_type = 'password'
* form field username = username
* form field password = passwordhttp://<script-async-src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>-<!---DisplayAd--->-<ins-class="adsbygoogle"------style="display:block"------data-ad-client="ca-pub-6999495384215431"------data-ad-slot="5271100211"------data-ad-format="auto"------data-full-width-responsive="true"></ins>-<script>------(adsbygoogle-=-window.adsbygoogle-||-[]).push({});-</script>
* form field client_id = appId
* form field client_secret = appSecret
* form field scope = 'api://XXX.aws.dev/service'
* method post
* status 200
* print response

* def accessToken = response.access_token

We have the Auth values set in the Karate-config.js file .let’s create another Feature file and name it Employer.Feature. This feature will have all the scenarios corresponding to employer use cases alone.

Feature: Create Employer after Authentication

//All the below data is coming from Karate-config.js file
 * url ApplicationURL
 # refer to karate-config.js to see how these were initialized
 * def time = authInfo.authTime
 * def token = authInfo.authToken
 * print token
 * print time
 # we now have enough information to set up auth / headers for all scenarios
 #* cookie time = time
 #* configure headers = read('classpath:headers.js')
 * header Authorization = 'Bearer ' + token
 Scenario: Create all employer details
 Given def query = read('createEmployerQuery.graphql')
 Given def variables =       read('createEmployerVariable.graphql')
 #And def variables = { name: 'Charmander' }
 And request { query: '#(query)', variables: '#(variables)' } 
 #And request { query: '#(query)' } 
 When method post
 * print response
 Then status 200