Using Auth0 with Automated Integration Testing

paul.stanton · April 20, 2021, 12:17pm

Hello I have a question regarding writing Automated API tests. Right now we can get a m2m token to hit our services which is easy enough. We grab that with the client credentials grant. The token comes back with all of the permissions we have setup for that particular service.

But specific test cases might want us to not have all of those permissions. For example if we wanted to test that our authorization was working we’d want to hit the endpoint without some of those permissions. I could create multiple applications with different scopes but that doesn’t seem to be a good measure going forward.

How can we approach this scenario? Is there a way to get a m2m token with a specific subset of permissions?

taras · February 16, 2022, 12:15am

Hi @paul.stanton,

We created an Auth0 simulator to give us precise control state of Auth0 in tests.

If you’re interested in more precise control over the specific state in tests, we could add your use case to our simulator.

You can learn about it here https://community.auth0.com/t/auth0-simulation-for-ephemeral-deployments-and-reliable-automated-testing/78334

Let me know if you’d like to explore this further,

Taras

konrad.sopala · February 16, 2022, 2:25pm

Thanks for sharing that with the rest of community @taras !