Bypassing authentication for integration tests

binhxn · February 6, 2019, 6:01am

Hello,

I’m trying to add integration tests (using Puppeteer) and have MFA/SMS set up with my app. Since I’m testing locally, is there any way to white list a (test) account and/or bypass the MFA/SMS part so I can test the rest of my app when I log in?

Update: I’m currently looking into Configuring Custom MFA and setting Rules, but am not sure if this is the right approach. Is there a value we can give the Provider key to ignore all MFA while testing?

Update2: I found a Whitelist rule and added a test email. When I logged in with the test email, I was still seeing the MFA screen. I’m not sure if I’m using the wrong Rule or not specifying localhost , but I’m not sure where to go from here.

Best,
Binh

jose.navarro · February 6, 2019, 3:37pm

Hello, do you need to test the MFA and bypass the screen or you want to bypass completely the MFA for the test user?
On this docs https://auth0.com/docs/multifactor-authentication/custom#customize-mfa-for-select-users there is an example on how to setup. The following rule, will not ask for MFA for the user with that email

function (user, context, callback) {
  if (user.email !== 'test@test.com') {
    context.multifactor = {
        provider: 'guardian',
        allowRememberBrowser: false
      };
  }

  callback(null, user, context);
}

binhxn · February 7, 2019, 4:50am

Hi Jose, thanks for the reply. I’m going to try a different route and utilize JWTs first. If things don’t go as plan, I’ll give your rule a try sometime later today. I’ll be sure to update this thread accordingly.

Update: I tried setting my grant_type to client_credentials through here but it keeps returning an unknown error. I feel like this would’ve gotten me there.

binhxn · February 6, 2019, 11:57pm

Hi @jose.navarro, is it possible to generate a JWT that we can ignore for testing? i.e. mock out the Auth0 service to accept only that JWT. How would that look like?

jose.navarro · February 7, 2019, 9:13am

Hi @binhxn we do not have such service, if you call to your public tenant, everything is going to be valid.
Does puppeter have any library like sinon?

binhxn · February 8, 2019, 7:54pm

Puppeteer does not, but we do have Sinon being used in the back end. I’m still figuring out how to create a mock JWT that would be stored in the localStorage of the Chromium instance when launching Puppeteer… and then running that against our server. Will update as soon as I can.

jose.navarro · February 8, 2019, 10:39pm

cool, i would like to get more info about your outcome on this issue.

konrad.sopala · August 29, 2019, 10:45am