How to aquire access token without UI with Microsoft.Identity.Client and Integration Testing

Question

I have an API locked down by Azure B2C. Everything is configured correctly for my client app that consume this API. My question relates to the integration tests that accompany the API. While it's pretty obvious that authentication triggers a UI to sign in, how would one go about requesting a token for tests cases that require authentication without popping a UI up?

Right now I have to have a utility that allows me to grab an access token (by popping up a UI) and then using that in my test project. Ultimately it expires so all the tests fail. This makes sense but I'm wondering if anyone has come up with a way to automate the process of acquiring tokens using this library so that the test cases can acquire them without popping up a UI. Screen scraper?

Answer 1

It looks like you want the Resource Owner Password Grant Flow. B2C does not officially support this, but Azure Active Directory does.

Read these: Can I use "Resource Owner Password Grant" flow with Azure AD B2C

https://blogs.msdn.microsoft.com/wushuai/2016/09/25/resource-owner-password-credentials-grant-in-azure-ad-oauth/

Note that in the scenarios where B2C is simply acting like AAD (local accounts), you can use this flow. But for other social identity providers like Facebook and Google, you cannot use this flow.

I like your original method which is to generate an access token outside the app, and paste it in. I recommend adding to that the Refresh Token you got, and code to acquire a new token using an existing refresh token. Something like this.

Let me know if this helps.