I have a setup that is using the PKCE flow to handle auth for both an SPA and a mobile application. I now need to test endpoints protected by this setup. I would like to use social login to test being able to get a social access token so I would like to avoid username and password auth. Is there a way to handle this? So far all I have come up with is…
- Use WebDriver to open a browser and login
- Steal the auth0 cookie from the browser.
- Use the
/authorize
andtoken
endpoint to get required access token.
Is there a better option for this? We can and have gotten the password grant type to work but we can’t test social based functionality.