Load testing a React single-page application that uses auth0-react

danidiaz.art · January 20, 2026, 11:46am

I’ve looked at other load-testing related threads here but I haven’t found one that matches my case.

I have a React SPA application that uses auth0-react. I would like to perform browser-based load tests using a framework like Playwright.

In certain scenarios, I can use a mock like mock-oauth2-server to handle authentication. That isn’t a problem.

I would also like to load test some environments where using the mock oauth2 server is not an option, and we have to go through the actual Auth0 service. But I don’t want to perform the full login flow for each browser. I’m not sure how to avoid that.

One possiblity would be to get an access token using the Client Credentials Flow (instead of the Authorization Code Flow) before starting the load test, and somehow inject it in each browser that is spawned during the load test.

My question is: is there a way to make auth0-react to use this preexisting access token, or should I include some conditional logic in my SPA to behave differently when it detects the “injected” token?

nik.baleca · January 20, 2026, 6:36pm

Hi @danidiaz.art

Welcome to the Auth0 Community!

Regarding your implementation for load-testing, using the Client Credentials Flow would not be recommended since it covers Machine-to-Machine applications and not actual user authentication.

My suggestion would be to use the Resource Owner Password Flow in order to retrieve the tokens of the user an basically initiate an SSO session for your application. You would need to first enable the Password grant for your application within the Auth0 Dashboard. This can be found under Applications → Applications → Your_Application → Advanced Settings → Grants → Password. The request would look something like:

const response = await fetch(`https://${AUTH0_DOMAIN}/oauth/token`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'password',
        username: 'testuser@example.com', 
        password: 'TEST_USER_PASSWORD',   
        client_id: AUTH0_CLIENT_ID,
        client_secret: AUTH0_CLIENT-SECRET
        scope: 'openid profile email offline_access',
      }),
    });

Once you have extracted the id_token from the response, you should be able to add it to an /authorize call as a hint in order to create the Auth0 session and then redirect to your page. The /authorize call would look like this:

https://nik-sp.us.auth0.com/authorize?response_type=token&client_id={{CLIENT_ID}}
&redirect_uri={{APPLICATION_URL}}&prompt=none
&id_token_hint={{USER_ID_TOKEN}}

Once you navigate to your page, it should be an authenticated page and able to test any protected API routes or other functionalities.

Let me know if the suggestion above is useful regarding the matter or if you have any other questions.

Kind Regards,
Nik

Topic		Replies	Views
Playwright testing with Authorization Code Flow Get Help community-topic , other	2	745	June 30, 2025
What is the best way/tool to perform load testing on an app with Auth0 authentication? Get Help load-test , operational-request	3	2202	August 2, 2023
Authenticate auth0 using Jmeter to perform load test on app not auth0 itself Get Help auth0 , login , jmeter	1	4224	February 8, 2022
Stub / mock for local development and testing Get Help sso , application	0	548	May 21, 2024
How to use username + password authentication in a SPA to test my API? Get Help spa , login	4	11104	December 17, 2018

Load testing a React single-page application that uses auth0-react

Related topics