I’ve followed the manual at Auth0 Single-Page App Quickstarts to enable Auth0 in a Angular 2+ application. All is working fine, I’m able to login as a user and get a valid access_token via the /callback. And this token can be used to access my API.
However, in order to quickly test my API I need to
start my example Angular 2+ app
do a login with a user which I want to test
retrieve the access_token from the callback URL
provide this access_token as Bearer token in postman request to test my API
I was wondering if there is another way to easily login as a real user without using the steps 1 to 3 above?
A Machine to Machine application differs from a real user, scopes are missing for example, so I cannot use that ?
@stef I am not exactly certain what you mean easier way. The implicit flow you are using the appropriate flow for you type of application. If you are trying to make testing faster you could always use an automation tool like selenium to automate login. alternatively you could stub out the authorization server to return any tokens you want. Then during the local testing you could point this to your stubbed authorization server returning any tokens you’d like.
You are definitely right. Machine to Machine is not the right approach, but if you want to use Postman to get a new token then you could always use Password grant. To get this to work you would need to enable the authorization grant on the client. Just make sure you don’t do this in production if you aren’t planning to use that.
Using an automation tool seems like a possible option to automate the process.
Stubbing out the authorization server could be an option, but this is not really integration testing and for this my API needs to run in test mode instead of the normal real mode.
About the Password grant option : I did enable this for my Angular 2+ Application, and when using postman to send a POST request to /oauth/token with a form-url-encoded body with these values:
In order to use the typical password grant you need to set a default connection. This is generally not what people want so we offer an extension to that called password realm. It is very similar but allows you to set the connection (realm).