We have integrated Auth0 with our Google OAuth client. When our testing team runs automated end-to-end tests with Nightwatch, the tests are randomly blocked by Google’s automatic CAPTCHA detection.
This is the general flow of events:
Application bot attempts login → Auth0 forwards the login to Google (with our Google OAuth client credential parameters) → Google prompts for login → Bot enters email → Login is randomly blocked by CAPTCHA puzzle
Is anyone aware of a way to “coerce” Google to not prompt for CAPTCHA during automated testing? We have control over Auth0 and our Google Client credentials, but not the client hosting the Google login.
@Derek.Wong No, we weren’t able to solve it. We worked around it by creating Auth0 Username-Password-Authentication accounts just for the testing team. Now the automated tests log in directly with Auth0 credentials instead of going through Google. The downside is it doesn’t truly test the end-user experience.
Hey, can you share what guide or manual you used to create that Auth0 Username-Password-Authentication account? We’re dealing with captcha in autotests in our team as well, but apparently the people who have admin rights to create such stuff are not aware of those solutions. How did you do it?
@inz.slawomir
I can’t find the manual/guide I used to implement it. I think I read several documents and combined the knowledge from each. Here is what worked for me…
Prerequisites:
An email account within your organization that the testing team can manage. They will need to keep track of two passwords at most: 1) the password they use to log in to their email inbox and 2) the Auth0 password assigned to them in the following steps.
Assumes you already have a client-facing application configured in Auth0.
Create a new user with the tester’s email account from prerequisites. Give them a hard-to-guess password since the test user will likely be given elevated privileges. For more info on password policy in Auth0, see Password Strength in Auth0 Database Connections.
Under Applications, navigate to your application’s Connections settings.
Toggle the Username-Password-Authentication ON.
Optional: Disable signups under Authentication > Database > Username-Password-Authentication settings to prevent unwanted bots/spammers from creating accounts. With signups disabled, users can still sign up via Social login (e.g., Google OAuth2), which is known as Just-in-Time (JIT) account creation, but won’t be able to provision their own username/password accounts.
Log in to your application with the new test user account. You will be prompted for Authorization Approval the first time you log in with a new account. You should accept the request.
Now, you have a username/password combo that can be used in your E2E tests.
I have included some screenshots that can serve as a reference.
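The user-creation step above can also be scripted. This is an added example, not part of the original post: it generates a hard-to-guess password and builds the Auth0 Management API `POST /api/v2/users` request for the Username-Password-Authentication connection. The function names, the tenant domain and the token are assumptions supplied by the caller.

```javascript
// Added example: provisions the dedicated E2E user in the Auth0 database
// connection through the Management API instead of the dashboard.
// Node 19+ exposes Web Crypto globally; older CommonJS Node falls back to require.
const webcrypto = globalThis.crypto || require('node:crypto').webcrypto;

const CLASSES = ['abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
                 '0123456789', '!@#$%^&*'];
const ALPHABET = CLASSES.join('');

// Random password that contains every character class.
// Rejection sampling avoids modulo bias when mapping bytes to ALPHABET.
function generatePassword(length = 32) {
  const limit = 256 - (256 % ALPHABET.length);
  for (;;) {
    let out = '';
    while (out.length < length) {
      for (const b of webcrypto.getRandomValues(new Uint8Array(length))) {
        if (b < limit && out.length < length) out += ALPHABET[b % ALPHABET.length];
      }
    }
    if (CLASSES.every((set) => [...out].some((ch) => set.includes(ch)))) return out;
  }
}

// Builds the POST /api/v2/users request; the token needs the create:users scope.
function buildCreateUserRequest({ domain, token, email, password }) {
  if (!domain || !token || !email || !password) {
    throw new Error('domain, token, email and password are all required');
  }
  return {
    url: `https://${domain}/api/v2/users`,
    options: {
      method: 'POST',
      headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
      body: JSON.stringify({ connection: 'Username-Password-Authentication', email, password }),
    },
  };
}

// Sends the request (Node 18+ global fetch). Not called here: it needs a real tenant.
async function createTestUser(cfg) {
  const { url, options } = buildCreateUserRequest(cfg);
  const res = await fetch(url, options);
  if (!res.ok) throw new Error(`Auth0 returned HTTP ${res.status}`);
  return (await res.json()).user_id;
}
```

Keep the generated password in the CI secret store and have the Nightwatch tests read it from an environment variable rather than from the repository.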