
I'm creating a REST back-end (node.js, although not important for the question), where I authenticate users via Google Sign In.

This is what the auth and create user endpoints look like in Swagger (I removed all other parts for simplicity):

openapi: 3.0.0
info:
  version: 0.1.0
  title: XXX API
servers:
  - url: 'https://xxx.herokuapp.com/'
  - url: 'http://localhost:5000/'
paths:
  /auth:
    post:
      summary: Authenticate user
      operationId: authUser
      tags:
        - auth
      parameters:
        - name: googleToken
          in: query
          required: true
          schema:
            $ref: '#/components/schemas/GoogleToken'
      responses:
        '200':
          $ref: '#/components/responses/LoggedUser'
  /users:
    post:
      summary: Create new user
      operationId: createUser
      tags:
        - users
      parameters:
        - name: googleToken
          in: query
          required: true
          schema:
            $ref: '#/components/schemas/GoogleToken'
      responses:
        '201':
          $ref: '#/components/responses/LoggedUser'
components:
  schemas:
    UserId:
      type: string
    GoogleToken:
      type: string
    User:
      type: object
      properties:
        userId:
          $ref: '#/components/schemas/UserId'
  responses:
    LoggedUser:
      description: Successfully logged user
      headers:
        Auth-Token:
          schema:
            type: string
            example: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJP
      content:
        application/json:
          schema:
            allOf:
              - $ref: '#/components/schemas/User'

As you can see, I'm relying on the Google token for both authentication and user creation. As suggested by the docs, I'm using the Google token to authenticate the user and retrieve its Google ID, email, etc. instead of sending around plain googleIds.

To protect my API from unexpected failures during development, I usually create some functional tests through services such as SoapUI or Assertible. There you can list your endpoints and what responses you expect for given parameters.

The problem I'm facing is: how do I simulate Google Sign In programmatically in my tests? Facebook had functionality to create a test user link, but apparently I'm unable to find the same solution in the Google docs. Of course I can get one Google token and hard-code it, but it has a rather short expiry time (a few hours).

There is one thread in the node.js Google library, but without a proper solution: GitHub thread.

How do I bypass this problem?

Cœur
hris.to

1 Answer


Request a Refresh Token for your test account. Then use that to request an Access Token at the start of each test run. See How do I authorise an app (web or installed) without user intervention?

pinoyyid
  • That's a useful approach. How can I get the id_token once I have the access one (with the possibility to refresh)? From what I understood, it is best to send the id_token to the back-end and verify it before proceeding. – hris.to Sep 03 '18 at 11:42
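
The refresh-token approach from the answer, extended to the id_token the comment asks about, as an added example that is not code from the question, the answer, or Google's library. It assumes the test account's refresh token was issued with the openid scope (so the refresh response carries an id_token) and that credentials live in CI secrets under the hypothetical variable names GOOGLE_TEST_CLIENT_ID, GOOGLE_TEST_CLIENT_SECRET and GOOGLE_TEST_REFRESH_TOKEN.

```javascript
// Added example: mint a fresh Google ID token for a dedicated test account
// from a long-lived refresh token. Requires Node 18+ (global fetch).
const TOKEN_ENDPOINT = 'https://oauth2.googleapis.com/token';

// Build the form body for the OAuth 2.0 refresh_token grant.
function buildRefreshBody({ clientId, clientSecret, refreshToken }) {
  for (const [k, v] of Object.entries({ clientId, clientSecret, refreshToken })) {
    if (!v) throw new Error(`missing credential: ${k}`);
  }
  return new URLSearchParams({
    grant_type: 'refresh_token',
    client_id: clientId,
    client_secret: clientSecret,
    refresh_token: refreshToken,
  });
}

// Decode (NOT verify) a JWT payload; only a test-side sanity check.
// Signature verification stays in the back-end under test.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Pull id_token out of the token response and reject unusable ones early.
function extractIdToken(tokenResponse, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (tokenResponse.error) {
    throw new Error(`token endpoint error: ${tokenResponse.error}`);
  }
  if (!tokenResponse.id_token) {
    throw new Error('no id_token in response; was the refresh token issued with the openid scope?');
  }
  const { exp } = decodeJwtPayload(tokenResponse.id_token);
  if (typeof exp !== 'number' || exp <= nowSeconds) throw new Error('id_token already expired');
  return tokenResponse.id_token;
}

// Call once at the start of a test run; fetchImpl is injectable for offline tests.
// The env variable names are hypothetical; keep the values out of the repository.
async function getTestGoogleToken(env = process.env, fetchImpl = fetch) {
  const body = buildRefreshBody({
    clientId: env.GOOGLE_TEST_CLIENT_ID,
    clientSecret: env.GOOGLE_TEST_CLIENT_SECRET,
    refreshToken: env.GOOGLE_TEST_REFRESH_TOKEN,
  });
  const res = await fetchImpl(TOKEN_ENDPOINT, { method: 'POST', body });
  return extractIdToken(await res.json());
}
```

The returned string is what the test suite passes as googleToken to /auth and /users, so the back-end's own token verification is exercised on every run.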