For testing purposes, we need to automate the “registration” or the first login of a social account to auth0. All I found was how to access social accounts with their own access_token I can obtain after the social account is already known to auth0. But how can I “register” a social account for the first time, to test a rule which triggers on new social accounts?
Thank you in advance for the help.
The creation/registration of a social user depends on an external identity provider and it’s a process that will most likely require end-user interaction. Having said that, if you create your own custom social OAuth2 connection pointing to an OAuth2 mock API that does not require any sort of end-user interaction (this is dangerous, read the full answer for caveats) then you may be able to achieve what you want.
The sequence of steps would be something like:
- Create a custom OAuth2 connection named
- Perform a request to the /authorize endpoint that includes a connection parameter with a value of
- The custom OAuth2 connection was implemented in a way that the requests for authentication are automatically satisfied with test user information.
The above would mean you could trigger authentication/registration of a social test user (one where isSocial is true since it’s coming from a custom OAuth2 connection) with just a GET request that would not require any sort of manual interaction. Have in mind that something like this should only be done in a test account, because that custom OAuth2 connection would basically allow access as a test user to anyone.
Thanks for this idea of solution. But it seems not to work without an authorizationURL. If I try to request /authorize endpoint without, I get this error: "OAuth2Strategy requires a authorizationURL option"
Yes, I should probably have been more clear; the depicted approach still requires that the custom (fake) OAuth2 connection still behaves as expected from an Auth0 standpoint which implies having an accessible endpoint for authorization.
Ok, so I did now. But then I get redirected to this authorizationURL and still need manual interactions. I don’t get the point. Or you are running a dummy server on this URL which redirects back again without any interactions?
You’ll need to fake the entire OAuth2 transaction from the perspective of the IdP that Auth0 will call, this includes a valid authorization endpoint and possibly also a token endpoint.
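The fake IdP described in the last reply, as an added example that is not code from the thread or from Auth0: an authorization endpoint that redirects back without any login page, plus a token endpoint. The endpoint paths, the `/userinfo` profile endpoint, the `ALLOWED_REDIRECT` placeholder and the test user are assumptions; the redirect check limits the mock to the test tenant's callback.

```javascript
const ALLOWED_REDIRECT = 'https://YOUR_TEST_TENANT.example/login/callback'; // placeholder
// Constructed test identity handed to every caller.
const TEST_USER = { user_id: 'mock-user-1', email: 'mock-user-1@example.test' };
const codes = new Set();  // issued, not yet redeemed authorization codes
const tokens = new Set(); // issued access tokens
const rand = () => 'm' + Math.random().toString(36).slice(2); // acceptable for a mock only

// GET /authorize: no login page, redirect straight back with a one-time code.
function authorize(query) {
  if (query.redirect_uri !== ALLOWED_REDIRECT) return { status: 400, body: 'bad redirect_uri' };
  const code = rand();
  codes.add(code);
  const back = new URL(ALLOWED_REDIRECT);
  back.searchParams.set('code', code);
  if (query.state) back.searchParams.set('state', query.state); // echoed unchanged
  return { status: 302, location: back.toString() };
}

// POST /token: exchange the code (single use) for an access token.
function token(form) {
  const bad = form.grant_type !== 'authorization_code' || !codes.delete(form.code);
  if (bad) return { status: 400, body: JSON.stringify({ error: 'invalid_grant' }) };
  const access_token = rand();
  tokens.add(access_token);
  return { status: 200, body: JSON.stringify({ access_token, token_type: 'Bearer' }) };
}

// GET /userinfo (assumed path): profile for the connection's profile-fetch script.
function userinfo(authorization = '') {
  const ok = tokens.has(authorization.replace(/^Bearer /, ''));
  return ok ? { status: 200, body: JSON.stringify(TEST_USER) } : { status: 401, body: '{}' };
}

// Node request listener routing the three endpoints.
function handler(req, res) {
  const url = new URL(req.url, 'http://localhost');
  let raw = '';
  req.on('data', (chunk) => (raw += chunk));
  req.on('end', () => {
    const r = url.pathname === '/authorize' ? authorize(Object.fromEntries(url.searchParams))
      : url.pathname === '/token' ? token(Object.fromEntries(new URLSearchParams(raw)))
      : url.pathname === '/userinfo' ? userinfo(req.headers.authorization)
      : { status: 404, body: '{}' };
    res.writeHead(r.status, r.location ? { Location: r.location } : { 'Content-Type': 'application/json' });
    res.end(r.body);
  });
}
```

To serve it, pass `handler` to Node's `http.createServer` and listen on a port the test tenant can reach.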