We are using Auth0 for authentication in our application and specifically the authorization code flow that connects to our backend and redirects the frontend to the Universal Login page hosted by Auth0. Then our backend creates an application session and sends it with a cookie to the client if all goes well.
The flow works well enough.
When it comes to e2e testing, things are getting more complicated since the flow is interactive. The steps that I followed to test this programmatically are:
- Log in the user using `/oauth/token` - works fine and I am getting back access_token, expires_in, id_token, but it is not really useful since the callback expects an authorization code
- Request `/authorize` using silent authentication
- This should request the callback URL with the correct code etc.

In step 2, I get back `error login required`. What I can understand from different questions in the forum is that an SSO cookie should have been created in the first step for the user and this would be validated in step 2.
My question is how I can get a valid SSO cookie programmatically without interactive login?
Is this a good approach for e2e testing, or maybe it is better to set up an M2M application only for that reason?
Thank you in advance