
How to get a Bearer token from Auth0 to impersonate a test user in an integration test?

Context

I am trying to write some integration tests that verify correctness of my RESTful Web API service (.NET Core-based). To make requests that mimic the user's browser requests I'd need to configure an HttpClient's headers to include Authorization: Bearer {test-user-1-bearer-token}.

Problem

My issue is that I cannot find a way to programmatically retrieve the bearer token(s) for the test user(s) I created by hand.

What I tried

According to my research of the Auth0 Architecture Scenarios, the only one that could work for me is called Server Application + API. That scenario relies on retrieving an access token for the testing Application (not a bearer token for a user the code is trying to impersonate). As far as I understand, this prevents me from having multiple test accounts, which I need to have to be able to test complex, multi-user interaction scenarios around my Web API.

Alternative approach

Instead of using a real production-ready Authentication middleware, I could use a custom middleware when running the service instance for testing. An environment variable, for example, could drive the decision about which AuthN middleware to enable. That custom middleware could rely on a non-JWT token source (e.g. a custom HTTP header) to bypass the Auth0 authentication.

It would be nice to be able to test with Auth0 playing its role, however.

Ugh

I suspect that my question is off-topic because I'm not providing code. Hopefully, I at least get some answers or comments that give me a clue.

For integration tests you could check if your auth service supports Resource Owner Password Validation flow or Client Credentials flow - it would be easier to obtain an access token.

If you are still going to do it with Implicit flow - there's a similar question answered - https://devforum.okta.com/t/unit-testing-and-implicit-flow/1210/3 . You would need to change from Okta auth service to yours.

P.S.

That scenario relies on retrieving an access token for the testing Application (not a bearer token for a user the code is trying to impersonate)

A bearer token is an access token, no matter who bears it, testing app or end user.
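
The Resource Owner Password flow suggested in the answer, shown against Auth0's /oauth/token endpoint as an added example (not code from the question or the answer). It assumes a dedicated test application with the Password grant enabled and test-only user accounts; the TestUserTokens helper and the environment variable names are hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class TestUserTokens
{
    // One cached token per test user, so parallel tests do not hammer the token endpoint.
    private static readonly ConcurrentDictionary<string, string> Cache = new ConcurrentDictionary<string, string>();
    private static readonly HttpClient Idp = new HttpClient();

    public static async Task<string> GetAsync(string username, string password)
    {
        if (Cache.TryGetValue(username, out var cached)) return cached;
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "password",                      // Resource Owner Password grant
            ["username"] = username,
            ["password"] = password,
            ["audience"] = Env("AUTH0_AUDIENCE"),             // identifier of the Web API under test
            ["client_id"] = Env("AUTH0_TEST_CLIENT_ID"),      // test-only application, never the production one
            ["client_secret"] = Env("AUTH0_TEST_CLIENT_SECRET"),
            ["scope"] = "openid"
        };
        using var response = await Idp.PostAsync(
            $"https://{Env("AUTH0_DOMAIN")}/oauth/token", new FormUrlEncodedContent(form));
        var body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)  // do not log the body or credentials in CI output
            throw new InvalidOperationException($"Token request for {username} failed: {(int)response.StatusCode}");
        using var json = JsonDocument.Parse(body);
        var token = json.RootElement.GetProperty("access_token").GetString();
        Cache[username] = token;
        return token;
    }

    // Returns an HttpClient that sends "Authorization: Bearer <token>" as the given test user.
    public static async Task<HttpClient> CreateClientForAsync(Uri apiBase, string username, string password)
    {
        var client = new HttpClient { BaseAddress = apiBase };
        client.DefaultRequestHeaders.Authorization =
            new AuthenticationHeaderValue("Bearer", await GetAsync(username, password));
        return client;
    }

    private static string Env(string name) =>
        Environment.GetEnvironmentVariable(name) ?? throw new InvalidOperationException($"{name} is not set");
}
```

Each test user gets its own client via CreateClientForAsync, which covers the multi-user scenarios from the question while the API still validates real Auth0-issued tokens.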
