In order to access the endpoints with auth0 and to be able to use them in API tests, first of all, it is necessary to get the access_token from auth0, with the help of which it will be possible to access all the endpoints owned by auth0.
The first time you get a test token for the Management API is when you complete the configuration in the Auth0 Dashboard. You won’t have to do this again unless you create a new tenant. A recommendation is to create a test token exclusively for authorizing access to the Management API instead of reusing another one you might have.
Get API Access Token Manually
1. Go to the API Explorer tab of your Auth0 Management API. A token is automatically generated and displayed there;
2. Click Copy Token. You can now make authorized calls to the Management API using this token;
3. Set expiration time. By default, this token has an expiration time of 86400 seconds (24 hours). After that period, the token expires, and you will need to get a new one. To change the expiration time, update Token Expiration (Seconds), and click Update & Regenerate Token.
Use Access Token for Testing
To use the Access Token you just created for testing purposes, use the Management API v2 explorer page to manually call an endpoint with the token.
1. Go to the Management API v2 explorer page, and click the Set API Token button;
2. Set the API Token field, and click Set Token;
3. Under the Set API Token button, some new information is now displayed: the domain and token set and the scopes that have been granted to this application;
4. Go to the endpoint you want to call, fill in any parameters that might be required, and click Try.
Asking Auth0 for a token from my application – Java
You can ask Auth0 for tokens for any of your authorized applications by issuing the following API call:
HttpResponse<String> response = Unirest.post(“url_to_your_app/oauth/token”)
.header(“content-type”, “application/json”) .body(“{\“client_id\“:\“client_id_from_auth0\“,\“client_secret\“:\“client_secret_from_auth0\“,\“audience\“:\“http://path_to_your_api/”,\“grant_type\“:\“client_credentials\“}”)
.asString();
Response
{
“access_token”: “your_access_token_test”,
“token_type”: “Bearer”
}
You can now extract the access_token property from the response to make authorized requests to your API.
Sending the token to the API
You can use this bearer token with an Authorization Header in your request to obtain authorized access to your API.
HttpResponse<String> response = Unirest.get("http://path_to_your_api/")
.header("authorization", "Bearer your_access_token_test")
.asString();
“Get Management API Access Token from Auth0 for Testing” Tech Bite was brought to you by Aida Seferović, Quality Assurance Engineer at Atlantbh.
Tech Bites are tips, tricks, snippets or explanations about various programming technologies and paradigms, which can help engineers with their everyday job.
Achieving High-Quality Tests in Elixir with Gherkin (Part 2)
Achieving High-Quality Tests in Elixir with Gherkin (Part 1)
