Auth0 Home Blog Docs

How to use username + password authentication in a SPA to test my API?

spa
login

#1

I’ve followed the manual at https://auth0.com/docs/quickstart/spa to enable Auth0 in a Angular 2+ application. All is working fine, I’m able to login as a user and get a valid access_token via the /callback. And this token can be used to access my API.

However, in order to quickly test my API I need to

  1. start my example Angular 2+ app
  2. do a login with a user which I want to test
  3. retrieve the access_token from the callback URL
  4. provide this access_token as Bearer token in postman request to test my API

I was wondering if there is another way to easily login as a real user without using the steps 1 to 3 above?

A Machine to Machine application differs from a real user, scopes are missing for example, so I cannot use that ?


#2

@stef I am not exactly certain what you mean easier way. The implicit flow you are using the appropriate flow for you type of application. If you are trying to make testing faster you could always use an automation tool like selenium to automate login. alternatively you could stub out the authorization server to return any tokens you want. Then during the local testing you could point this to your stubbed authorization server returning any tokens you’d like.

You are definitely right. Machine to Machine is not the right approach, but if you want to use Postman to get a new token then you could always use Password grant. To get this to work you would need to enable the authorization grant on the client. Just make sure you don’t do this in production if you aren’t planning to use that.


#3

Thanks for this explanation.

Using an automation tool seems like a possible option to automate the process.

Stubbing out the authorization server could be an option, but this is not really integration testing and for this my API needs to run in test mode instead of the normal real mode.

About the Password grant option : I did enable this for my Angular 2+ Application, and when using postman to send a POST request to /oauth/token with a form-url-encoded body with these values:

client_id:"XXX"
username:"XXX"
password:"XXX"
connection:"Username-Password-Authentication"
grant_type:"password"

I get a 500 error:
error:“server_error”
error_description:“Authorization server not configured with default connection.”


#4

In order to use the typical password grant you need to set a default connection. This is generally not what people want so we offer an extension to that called password realm. It is very similar but allows you to set the connection (realm).