Bypassing authentication for integration tests

Hello,

I’m trying to add integration tests (using Puppeteer) and have MFA/SMS set up with my app. Since I’m testing locally, is there any way to white list a (test) account and/or bypass the MFA/SMS part so I can test the rest of my app when I log in?

Update: I’m currently looking into Configuring Custom MFA and setting Rules, but am not sure if this is the right approach. Is there a value we can give the Provider key to ignore all MFA while testing?

Update2: I found a Whitelist rule and added a test email. When I logged in with the test email, I was still seeing the MFA screen. I’m not sure if I’m using the wrong Rule or not specifying localhost , but I’m not sure where to go from here.

Best,
Binh

Hello, do you need to test the MFA and bypass the screen or you want to bypass completely the MFA for the test user?
On this docs https://auth0.com/docs/multifactor-authentication/custom#customize-mfa-for-select-users there is an example on how to setup. The following rule, will not ask for MFA for the user with that email

function (user, context, callback) {
  if (user.email !== 'test@test.com') {
    context.multifactor = {
        provider: 'guardian',
        allowRememberBrowser: false
      };
  }

  callback(null, user, context);
}

Hi Jose, thanks for the reply. I’m going to try a different route and utilize JWTs first. If things don’t go as plan, I’ll give your rule a try sometime later today. I’ll be sure to update this thread accordingly.

Update: I tried setting my grant_type to client_credentials through here but it keeps returning an unknown error. I feel like this would’ve gotten me there.

1 Like

Hi @jose.navarro, is it possible to generate a JWT that we can ignore for testing? i.e. mock out the Auth0 service to accept only that JWT. How would that look like?

Hi @binhxn we do not have such service, if you call to your public tenant, everything is going to be valid.
Does puppeter have any library like sinon?

Puppeteer does not, but we do have Sinon being used in the back end. I’m still figuring out how to create a mock JWT that would be stored in the localStorage of the Chromium instance when launching Puppeteer… and then running that against our server. Will update as soon as I can.

cool, i would like to get more info about your outcome on this issue.