Problem statement
Currently we have a hacky solution that uses a password database connection, with the passwords only used for the test accounts. Normal users bypassed this and were met with an MFA instead for their “login”. We’d like to migrate from this to a passwordless approach. This has seemed to work nicely in our experimental tenant with account linking. However, is there a way to bypass passwordless login for automated tests?
Solution
For testing purposes, we recommend configuring a database connection with test users and credentials. You can then configure your automated tests to fetch tokens using the Resource Owner Password Grant (ROPG), which involves only one simple HTTP request to the /oauth/token endpoint. The remainder of your automated tests can then be performed as an authenticated user. Imitating the flow of the actual connection type is not necessary (and in some cases not possible), since all successful auth flows end with the application receiving tokens for the authenticated user.
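A test helper for the single token request described above, as an added example that is not part of the original answer. It sends the standard password-grant form fields from RFC 6749 section 4.3 and reads the test credentials from the environment so they stay out of the test source. The environment variable names and the example.test host are assumptions made for this sketch.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumed names: the TEST_* variables are placeholders chosen for this
# example, not settings defined by the original page.
def build_ropg_request(env=os.environ):
    """Build the one POST to /oauth/token for the password grant."""
    domain = env["TEST_AUTH_DOMAIN"]
    if "://" in domain or "/" in domain:
        # Forcing a bare host keeps the credentials on HTTPS only.
        raise ValueError("TEST_AUTH_DOMAIN must be a bare host name")
    form = {
        "grant_type": "password",
        "username": env["TEST_USER"],
        "password": env["TEST_PASSWORD"],  # injected by CI secrets, never committed
        "client_id": env["TEST_CLIENT_ID"],
        "scope": env.get("TEST_SCOPE", "openid"),
    }
    if env.get("TEST_CLIENT_SECRET"):  # only confidential clients have one
        form["client_secret"] = env["TEST_CLIENT_SECRET"]
    return urllib.request.Request(
        f"https://{domain}/oauth/token",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )

def fetch_test_token(env=os.environ, opener=urllib.request.urlopen):
    """Send the request and return the access token.

    opener is injectable so the helper can be exercised offline.
    """
    with opener(build_ropg_request(env)) as resp:
        body = json.loads(resp.read())
    if "access_token" not in body:
        # Report only the error code: the full body should not reach CI logs.
        raise RuntimeError(f"token request failed: {body.get('error', 'unknown')}")
    return body["access_token"]
```

The returned token is then attached as a Bearer credential to the requests the rest of the test suite makes.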