Reputation: 18780
I've been writing integration tests for authentication with Auth0. To achieve this, the tests use a client key and secret along with a grant type of client_credentials to test my API, but the API itself usually deals with authenticated users via the password grant type.
I have now implemented logic that pulls out the user's details via the ID that had been stored from a previous call, but because I have used a client rather than an actual user for my tests, I get an error back when trying to get the details of that user. This works absolutely fine when I have a standard user, e.g. auth0|abcdefgh, when authenticating manually via a front end with a callback. But when I have the user ID from the automated tests, I have a client ID, abcdefg@clients, which I then can't get any details such as 'First Name' from.
Is it possible to either programmatically log in with an actual user in my integration tests, or make it so that Auth0 manipulates the properties when using an ID generated from my client credentials? E.g. state that the first name is test for that client, etc. The client credentials have worked well so far, but now that I actually try to get further details about the user, it's come undone!
Upvotes: 1
Views: 980
Reputation: 18780
In the end, I followed the steps here: https://auth0.com/docs/api-auth/tutorials/password-grant
In summary:
Password Grant Type in the advanced settings of the application in Auth0.

using RestSharp;

// Request a token for a real (test) user via the password grant.
var client = new RestClient("https://YOUR_DOMAIN/oauth/token");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/x-www-form-urlencoded");
// Replace the YOUR_* placeholders; the username and scope values are URL-encoded.
request.AddParameter("application/x-www-form-urlencoded", "grant_type=password&username=user%40example.com&password=pwd&audience=YOUR_API_IDENTIFIER&scope=read%3Asample&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
It is worth noting that this got nowhere near our production environment!
On a side note, if you have any customer MFA, you might need to add to the rule to make sure that your integration test user doesn't go through the MFA route.
Upvotes: 2
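A guard the integration tests can run on the token they obtained, as an added example that is not part of the original answer: it reads the `sub` claim and flags a `@clients` subject before the test reaches the user-details lookup. `TokenSubject`, `ReadSub`, `IsMachineSubject` and `Demo` are hypothetical names, the sample tokens are constructed and unsigned, and it assumes the access token is a JWT.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class TokenSubject
{
    // Reads "sub" WITHOUT verifying the signature: for test diagnostics only.
    // The API under test must still validate tokens properly.
    public static string ReadSub(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Not a three-part JWT (opaque token?)");

        // base64url -> standard base64 with padding restored
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');

        using var doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.GetProperty("sub").GetString()
               ?? throw new FormatException("sub claim is null");
    }

    // A subject ending in "@clients" comes from client_credentials,
    // so there is no user profile (first name, etc.) behind it.
    public static bool IsMachineSubject(string sub) =>
        sub.EndsWith("@clients", StringComparison.Ordinal);
}

public static class Demo
{
    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Constructed sample token: fake header and signature, real payload shape.
    static string FakeJwt(string sub) =>
        B64Url("{\"alg\":\"none\"}") + "." + B64Url("{\"sub\":\"" + sub + "\"}") + ".sig";

    public static void Main()
    {
        foreach (var sub in new[] { "auth0|abcdefgh", "abcdefg@clients" })
        {
            var parsed = TokenSubject.ReadSub(FakeJwt(sub));
            var kind = TokenSubject.IsMachineSubject(parsed) ? "client (no profile)" : "user";
            Console.WriteLine($"{parsed} -> {kind}");
        }
    }
}
```

In a test, asserting `!TokenSubject.IsMachineSubject(sub)` right after the token request makes a misconfigured grant type fail at the point of authentication instead of as an opaque error from the profile lookup.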