Ask HN: How to test OAuth2-protected API endpoints
Mocking the OAuth2 provider would need to mock/rewrite the entire server app, isolated unit tests without login state don't seem to be really helpful. Setting up browser tests with puppeteer simulating all the clicks through the site just to test some protected API endpoints feels like taking a sledgehammer to crack a nut (paired with the problem that's is not so easy to create test accounts on LinkedIn without getting flagged).
So, do I miss something? How do people deal with this? Is this entire thing about TDD/BDD just empty talk and only basic stuff is being tested (like the server responds status 200)?
FYI, to get the auth code from the OAuth2 provider (e.g. LinkedIn) the user needs to go through the login flow. So, I don't see any way how to just provide a given code while skipping the login.
1 comment
[ 4.2 ms ] story [ 19.7 ms ] threadSpring provides a mocked OAuth2 server that you can bring in for test purposes and do whatever you need to do https://stackoverflow.com/questions/29510759/how-to-test-spr...