I have an application that uses NestJS and Angular. I am currently using @auth0/auth0-angular on the frontend to log users in and out. I want to write e2e tests with Supertest using the Authorization Code Flow and if I’m understanding everything correctly, I have to:
1) Authorize the user by sending the user to the authorization URL
2) If all goes well, I should receive an HTTP 302 response which includes an authorization
code
3) Exchange this authorization code for tokens by POSTing to the token URL
('https://YOUR_DOMAIN/oauth/token').
4) If all goes well, I should receive an HTTP 200 response with a payload containing the
tokens.
However, since I’m writing tests with Supertest on the backend, I can’t send a user to the authorization url and have the user handle authentication. Is there a way to get around this and get an authorization code so that I can POST to the token url in order to get the tokens?
I have been working on almost a similar project although I am using React for the front end. I am trying to migrate to nestjs from django. Since the nestjs app still isn’t ready, I’m currently redirecting all the requests to the django app. My code looks something like this:
import * as request from 'supertest';
import { INestApplication } from '@nestjs/common';
import { Test } from '@nestjs/testing';
import { ApiModule } from '../src/api.module';
describe('/api/auth', () => {
let app: INestApplication;
var Token = '';
beforeEach(async () => {
const moduleRef = await Test.createTestingModule({
imports: [ApiModule]
}).compile();
app = moduleRef.createNestApplication();
await app.init();
});
/*The user is going to be redirected to the /api/auth endpoint where the username and password of the user will be sent via the request body*/
/*The redirects(1) denotes that the request is going to be redirected once to the django app*/
it('POST /api/auth/token-obtain', () => {
let data = {
"username": "user30",
"password": "shortbutstrongpassword"
};
/*If the credentials are authentic, then a token will be generated for the user. Hence a property name called "token" is expected in the response body*/
/*Since the request is already being redirected, instead of 302 status we will get a status 200*/
return request(app.getHttpServer())
.post('/api/auth/token-obtain')
.set('Content-type', 'application/json')
.send(data)
.redirects(1)
.expect(200)
.then((res) => {
Token = res.body.token; /*Saving the token in a variable named Token.*/
expect(res.body).toHaveProperty('token');
});
});
it('POST /api/auth/token-refresh', () => {
let data = {
"token": Token
};
/*We are now going to use the Token in our POST request body*/
return request(app.getHttpServer())
.post('/api/auth/token-refresh')
.set('Content-type', 'application/json')
.send(data)
.redirects(1)
.expect(200)
.then((res) => {
expect(res.body).toHaveProperty('token');
});
});
Hope this sheds some light on the problem that you are facing.