Integration testing best practice, permanent tokens

We have an API which restricts access based on who you are. For example, some endpoints allow access to the public, some allow access to users, and some allow access to users with higher level roles like administrator. We wish to write tests which confirm that these restrictions are working.

To this end, we wish to permanently store tokens which correspond to users, then use those tokens during our integration tests. Is there a way to create permanent tokens for specific test users? If not, how is this usually handled?

Anyone have any guidance on this one?

Hey there @melchoir555!

Unfortunately we don’t have much content on testing with Auth0, however here is what we have:

I’m in the same situation and trying to get this working. I don’t have the solution yet, but here’s what I did so far.

At this point, I have created 2 test users in the Auth0 database (with different app_metadata). I managed to get the test suite working from the authentication point to verification and getting user details. However, this is not a very good approach, as I just learned - there’s rate limiting to Auth0 requests, so the test suite using full integration is pretty much useless. I run into weird errors related to Auth0 requests count.

Looks like I have two options:

  1. use some kind of request/response recording library (polly.js or similar) - not a big fan of this
  2. adjust BE to avoid Auth0 completely and mock it when some flag is set (env variable)

In essence, for an automation suite, where I want to have real world use cases, and not just “login-logout” flow, I think I just have to reduce API calls to Auth0 to a minimum.
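One way to approach option 2 from the post above, as an added example that is not code from this thread or from Auth0: the test run mints its own short-lived RS256 tokens with a throwaway key, and the backend accepts them only when a test flag is set, so role checks can be exercised without any call to Auth0. The `AUTH_TEST_MODE` variable, the issuer, audience and roles-claim values, the function names and the 401/403 mapping are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Throwaway key pair, generated per test run (never a production key).
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const TEST_ISSUER = 'https://test-issuer.invalid/'; // assumption: placeholder
const TEST_AUDIENCE = 'https://api.example.test';   // assumption: placeholder
const ROLES_CLAIM = 'https://example.test/roles';   // assumption: custom claim name
const b64url = (v) => Buffer.from(v).toString('base64url');

// Mint a short-lived RS256 token for a constructed test user.
function mintTestToken(sub, roles, ttlSeconds = 300) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    iss: TEST_ISSUER, aud: TEST_AUDIENCE, sub, iat: now, exp: now + ttlSeconds,
    [ROLES_CLAIM]: roles,
  }));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${sig.toString('base64url')}`;
}

// Test-only verifier: refuses to run unless the flag is set and not in production.
function verifyTestToken(token, env = process.env) {
  if (env.AUTH_TEST_MODE !== '1' || env.NODE_ENV === 'production') {
    throw new Error('test verifier disabled');
  }
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, sig] = parts;
  if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'RS256') throw new Error('bad alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${header}.${payload}`), publicKey,
    Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(payload, 'base64url'));
  if (claims.iss !== TEST_ISSUER || claims.aud !== TEST_AUDIENCE) throw new Error('bad iss/aud');
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) throw new Error('expired');
  return claims;
}

// Access decision under test: null means a public endpoint, otherwise a role is required.
function authorize(requiredRole, token, env = process.env) {
  if (requiredRole === null) return 200;
  if (!token) return 401;
  let claims;
  try { claims = verifyTestToken(token, env); } catch { return 401; }
  return (claims[ROLES_CLAIM] || []).includes(requiredRole) ? 200 : 403;
}
```

Because the key pair lives only in the test process and the verifier fails closed outside test mode, no long-lived token has to be stored alongside the test suite.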
