Hi I am trying to test my backend API, which expects a valid auth0 access token.
What is the convention around this?
Is there a way I can generate a token programmatically for a user with specific permissions without having to make an actual request to auth0? It’s against normal testing standards to have to make external API requests because it means it’s no longer self contained.
Or do I have to hardcode an actual access token for a real user?
Good question - You’ll need to make an actual request to get a valid Access Token. In my experience, most will go the route of configuring their application in Auth0 to allow the Resource Owner Password grant and use the auth API debugger extension to grab a “test” token.