Last Updated: Nov 29, 2024
Overview
Currently, a password database connection is in place, with the passwords used only for the test accounts. Normal users bypass this and are met with MFA instead for their “login.”
The goal now is to migrate this to a passwordless approach, and everything seems to be working as expected with account linking. However, is there a way to bypass passwordless login for automated tests?
Applies To
- Resource Owner Password Grant (ROPG)
Solution
For testing purposes, configure a database connection with test users and credentials. Then configure the automated tests to fetch tokens using the Resource Owner Password Grant (ROPG), which involves only one simple HTTP request to the /oauth/token endpoint. The remainder of the automated tests can then be performed as an authenticated user. Imitating the flow of the actual connection type is not necessary (and, in some cases, not possible) since all successful auth flows end with the application receiving tokens for the authenticated user.
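The token fetch described above, as an added example that is not part of the original article or Auth0's own code. The environment variable names are hypothetical, and the optional realm parameter assumes Auth0's password-realm grant is used to name the test database connection; without it the standard password grant is sent.

```python
import json
import os
import urllib.parse
import urllib.request

# Auth0's realm variant of ROPG; names the connection that holds the user.
REALM_GRANT = "http://auth0.com/oauth/grant-type/password-realm"


def build_token_request(domain, client_id, username, password,
                        client_secret=None, audience=None, realm=None,
                        scope="openid"):
    """Build the single POST to /oauth/token that ROPG needs."""
    form = {
        "grant_type": REALM_GRANT if realm else "password",
        "client_id": client_id,
        "username": username,
        "password": password,
        "scope": scope,
    }
    # Optional parameters are sent only when a value is supplied.
    optional = {"client_secret": client_secret, "audience": audience, "realm": realm}
    form.update({k: v for k, v in optional.items() if v})
    return urllib.request.Request(
        f"https://{domain}/oauth/token",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def fetch_tokens(request, opener=urllib.request.urlopen):
    """Send the request and return the parsed JSON token response."""
    with opener(request, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Hypothetical variable names; values come from the CI secret store.
    env = os.environ
    tokens = fetch_tokens(build_token_request(
        env["AUTH0_DOMAIN"], env["AUTH0_CLIENT_ID"],
        env["TEST_USERNAME"], env["TEST_PASSWORD"],
        client_secret=env.get("AUTH0_CLIENT_SECRET"),
        audience=env.get("AUTH0_AUDIENCE"),
        realm=env.get("AUTH0_TEST_CONNECTION"),
    ))
    # Report only metadata so the token itself never lands in CI logs.
    print("token_type:", tokens.get("token_type"), "expires_in:", tokens.get("expires_in"))
```

Enable the password grant only on the application the tests use, and keep the test accounts confined to the dedicated test connection.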