We wanted to test our web app using Cypress, and the discussion around the existing tutorial kept bringing up numerous issues.
Seemed that a far simpler way to test with Cypress would be to create a user/pass test user, login that user programmatically, and save the JWT. Found this thread, not promising (see the last 2 comments, which we unfortunately agree with).
Another thread received no reply:
Going back to first principles, it turned out obtaining a JWT was also far simpler than suggested in those threads, so I'm posting this here for anyone interested. CC-ing folks from the closed topics, since it's impossible to reply there and notify those who were interested: @stephen, @sonny.rajagopalan, @amanda.harmse.
What we all want in these threads is called "Implement the Resource Owner Password Grant", and the Node.js code is provided in the Ask for a token section. Here's a modern adaptation of it:
```js
import fetch from 'node-fetch';
import { URLSearchParams } from 'url';

// Form-encoded body for the Resource Owner Password Grant request
const params = new URLSearchParams();
params.append('grant_type', 'password');
params.append('username', 'user@domain.com');
params.append('password', 'supersecretpassword');
params.append('scope', 'read:sample');
params.append('client_id', 'the client id of the application you created, in our case a Cypress machine-to-machine application');
params.append('client_secret', 'the client secret for the application above');
params.append('audience', 'the identifier API that this application is linked to; we used our GraphQL API');

(async function main() {
  // Passing URLSearchParams as the body sends application/x-www-form-urlencoded
  const response = await fetch('https://YOUR-DOMAIN/oauth/token', {
    method: 'POST',
    body: params,
  });
  const json = await response.json();
  console.log(json); // the response contains the token
})();
```
PS for the Auth0 team:

- Given this was so simple, despite the unsolved threads above, I must ask, are we doing something wrong?
- Some suggestions to make this even easier:
  a. Give an example of what the "Default Directory" string should be. In our case it was `Username-Password-Authentication`.
  b. The `application/x-www-form-urlencoded` parameter format is awkward. Can JSON be also accepted?
  c. The `request` module has long been deprecated. Would be nice to use `node-fetch` or a modern HTTP request module for Node.
- Closed topics just because no answer was given…
  - feel frustrating to those who could give an answer later
  - make it awkward to notify users in those topics if starting a new topic with the solution
  - starting a new thread just to say "Here's a solution to this old thread" feels clunky and creates clutter in the forum
  - search engines will still direct users to the old topics, without solutions, and those users won't find the solution given later (IF the user who bothers to start a new thread (the vast majority won't) links to the old topic, there will be a tiny link at the bottom of the old topic pointing to the new one, but that's very easy to miss, and doesn't suggest there's a solution now; just a related topic)
  - this can easily make users think Auth0 has a limitation, when in fact that was fixed later

Please reconsider closing topics for no good reason other than X days had passed.
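
Added example (not part of the original post and not Auth0's own code): the same password-grant request built from environment variables rather than literals in the test repo, with the response checked and redacted before anything is saved or logged. The `AUTH0_*` variable names, the function names and the sample values are assumptions, and the access token is assumed to be a JWT, as it was for the poster's API audience.

```javascript
// Added example; the AUTH0_* variable names and function names are assumptions.
const REQUIRED = ['AUTH0_DOMAIN', 'AUTH0_CLIENT_ID', 'AUTH0_CLIENT_SECRET',
  'AUTH0_AUDIENCE', 'AUTH0_TEST_USERNAME', 'AUTH0_TEST_PASSWORD'];

// Build the /oauth/token request from the environment so no secret lives in the repo.
function buildTokenRequest(env) {
  const missing = REQUIRED.filter((name) => !env[name]);
  if (missing.length) throw new Error(`missing: ${missing.join(', ')}`);
  const body = new URLSearchParams({
    grant_type: 'password',
    username: env.AUTH0_TEST_USERNAME,
    password: env.AUTH0_TEST_PASSWORD,
    scope: 'read:sample',
    client_id: env.AUTH0_CLIENT_ID,
    client_secret: env.AUTH0_CLIENT_SECRET,
    audience: env.AUTH0_AUDIENCE,
  });
  return { url: `https://${env.AUTH0_DOMAIN}/oauth/token`, init: { method: 'POST', body } };
}

// Decode (NOT verify) the JWT payload; Node's 'base64' also accepts the URL-safe alphabet.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('access_token is not a three-part JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Fail the test run early on an OAuth error, a wrong audience, or an expired token.
function checkTokenResponse(json, audience, nowSec = Math.floor(Date.now() / 1000)) {
  if (json.error) throw new Error(`token endpoint: ${json.error}`);
  if (!json.access_token) throw new Error('no access_token in response');
  const claims = decodeClaims(json.access_token);
  if (![].concat(claims.aud).includes(audience)) throw new Error('unexpected audience');
  if (!(claims.exp > nowSec)) throw new Error('token already expired');
  return { token: json.access_token, secondsLeft: claims.exp - nowSec };
}

// Safe-to-log view of the response: token values replaced by their length.
function redact(json) {
  const out = { ...json };
  for (const key of ['access_token', 'id_token', 'refresh_token']) {
    if (out[key]) out[key] = `<redacted, ${out[key].length} chars>`;
  }
  return out;
}

// Constructed sample response (not a real token) to exercise the checks offline.
const samplePayload = Buffer.from(JSON.stringify({ aud: 'https://api.example.test', exp: 2000 })).toString('base64');
const sampleResponse = { access_token: `e30.${samplePayload}.sig`, token_type: 'Bearer' };
```

In a real run, pass `process.env` to `buildTokenRequest`, send the result with `fetch(url, init)`, and hand `await response.json()` to `checkTokenResponse` before storing the token for Cypress.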