"Register" (login for the first time) a social account via API

Help
, ,
1

Hello,
for testing purposes, we need to automate the “registration” or the first login of a social account to auth0. All I found was how to access social accounts with their own access_token I can obtain after the social account is already known to auth0. But how can I “register” a social account for the first time, to test a rule which triggers on new social accounts?

Thank you in advanced for help

2

The creation/registration of a social user depends on an external identity provider and it’s a process that will most likely require end-user interaction. Having said that, if you create your own custom social OAuth2 connection pointing to an OAuth2 mock API that does not require any sort of end-user interaction (this is dangerous, read the full answer for caveats) then you may be able to achieve what you want.

The sequence of steps would be something like:

  1. Create a custom OAuth2 connection named CUSTOM.
  2. Perform a request to the /authorize endpoint that includes a connection parameter with a value of CUSTOM.
  3. The custom OAuth2 connection was implemented in a way that the requests for authentication are automatically satisfied with test user information.

The above would mean you could trigger authentication/registration of a social test user (one where isSocial is true since it’s coming from a custom OAuth2 connection) with just a GET request that would not require any sort of manual interaction. Have in mind that something like this should only be done in a test account, because that custom OAuth2 connection would basically allow access as a test user to anyone.

3

Thanks for this idea of solution. But it seems not to work without an authorizationURL. If I try to request /authorize endpoint without, I get this error:
" OAuth2Strategy requires a authorizationURL option"

4

Yes, I should probably have been more clear; the depicted approach still requires that the custom (fake) OAuth2 connection still behaves as expected from an Auth0 standpoint which implies having an accessible endpoint for authorization.

5

Ok, so I did now. But then I get redirected to this authorizationURL and still need manual interactions. I don’t get the point. Or you are running a dummy server on this URL which redirects back again without any interactions?

6

You’ll need to fake the entire OAuth2 transaction from the perspective of the IdP that Auth0 will call, this includes a valid authorization endpoint and possibly also a token endpoint.