How to programmatically authenticate with Organizations enabled

I’ve been implementing an app which uses the Organizations feature, which requires that the Username-Password grant be disabled. However, all of the guidance around having an automated integration or E2E test authenticate involves using this grant. (example here: End-to-End Testing with Cypress and Auth0)

I have a bunch of existing integration and E2E tests which until now have used Username-Password grant to authenticate. Now that I am using the organizations feature in Auth0, I need a new way to get access tokens for these users from within my test script.

My tests involve verifying that users with certain roles can/cannot perform certain actions, so it is necessary for me to have different identities with a variety of permissions. I tried using a client credentials grant to get a M2M token, but there is no way I can control the specific roles on this client.

Is there a way I can programmatically authenticate a user to an application when organizations is enabled (and Username-Password grant is disabled as a result)?

(PS. If it is relevant, E2E tests are written in Cypress and integration tests using Jest.)

Hey @jake-wickstrom-lb,

Welcome to the Auth0 Community!

Yes, that’s correct. It mentions using the Resource Owner Password Grant (ROPG) flow to perform end-to-end testing in Auth0.

Unfortunately, as you discovered, organizations does not support the ROPG flow. Because of that, you may want to consider opting for a different flow to test, such as the authorization code flow.

I hope this helps!

Let me know if you have any questions.

Thanks,
Rueben

Hi everyone!

In the context of performing automated tests in the context of organizations, it can be a difficult task since the usual ROPG grant flow cannot be enabled.

However, this can be resolved by using a Custom Token Exchange Trigger in which you will be able to set the organization as seen in this example:

exports.onExecuteCustomTokenExchange = async (event, api) => {
  // 1. Validate subject_token (validateToken and jwksUri are placeholders you implement:
  //    verify the signature against your JWKS and check exp/iss before trusting any claim)
  const subject_token = await validateToken(event.transaction.subject_token, jwksUri);

  // 2. Apply your authorization policy on the user (authorizeAccess is also a placeholder)
  const isAuthorized = await authorizeAccess(subject_token.sub);
  if (!isAuthorized) {
    api.access.deny('Unauthorized_login', 'User cannot login due to reason: X');
    return;
  }

  // 3. Set the organization for the transaction
  api.authentication.setOrganization('org_xS525r979AS33MSf');

  // 4. Set the user for the transaction. You may also use setUserByConnection()
  api.authentication.setUserById(subject_token.sub);
};

Hope this helps anybody who stumbles across the same issue!

Kind Regards,
Nik