We’re using the node-auth0 package to allow our API to authenticate users with OpenID, and it works fine. However I was wondering if it was possible to request a genuine user JWT access token for our tests through node-auth0? I tried things like grantCredentialsClient and getAccessToken, but these don’t generate standard user access tokens that I can verify using the https://auth0.com/userinfo route (as that is what we’re trying to test)?
When using node-auth0, you can get access tokens using the [AuthenticationClient] (https://github.com/auth0/node-auth0#authentication-api-client) and the [ManagementClient] (https://github.com/auth0/node-auth0#management-api-client).
To call GET /userinfo endpoint, you should use the access token you got from the user’s authentication, but make sure to have the openid scope in that original authentication request.
Given the Auth0 Access Token obtained
during login, this endpoint returns a
user’s profile. This endpoint will
work only if openid was granted as a
scope for the access_token.
Thanks for your reply! Yes - that is what I was wondering - is there any way to obtain a user’s access token that I can use with the GET /userinfo via the AuthenticationClient or ManagementClient of node-auth0 (so without requiring the user to actually log in manually/separately?)
The test we’d like to run is:
- Create new user (using node-auth0)
- Obtain access token for this user
- Send access token to GET /userinfo
- Check that profile information is returned as expected
It’s just stage 2 that I can’t work out?