Disable nonce validation for id token for e2e tests #561

Open
xiananfan opened this issue May 29, 2019 · 1 comment
Labels
investigation-needed Indication that the maintainer or involved community members may need to investigate more. password-flow Issues specific to the (Resource Owner) Password flow pr-welcome We'd welcome a PR to solve the issue.

Comments

@xiananfan
Hi,

I am trying to set up e2e tests for login. Instead of actually going through the login dialog, I am trying to use the "resource owner password" grant type to get the access token and id token. However, the id token obtained using the password grant type does not contain "nonce" as one of the claims in the JWT.

In the code here, it will fail the id token validation, and won't store the id token in the local storage.

In the "LoginOptions", there is a "disableOauth2StateCheck" flag, but this flag does not turn off nonce check. Is it possible to add a similar flag to disable nonce check for e2e tests only?

Reference: https://auth0.com/blog/end-to-end-testing-with-cypress-and-auth0/

Thanks,
Xianan
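
An added example, not code from angular-oauth2-oidc or from this thread, of the check being discussed: the `nonce` claim in an ID token is compared with the nonce stored when the authorization request was sent, and a password-grant token carries no nonce because no such request ever happened. The option name `disableNonceCheck` and the token fixtures are assumptions.

```typescript
// Assumed option shape, modelled on the existing "disableOauth2StateCheck" flag.
interface NonceCheckOptions {
  // Intended only for e2e tests that obtain tokens via the password grant.
  disableNonceCheck?: boolean;
}

// Decode the payload segment of a compact JWT. No signature verification here:
// signature, issuer and expiry checks are separate steps and are not skipped.
function decodeJwtPayload(token: string): Record<string, unknown> {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns null when the token passes the nonce check, otherwise the reason it
// was rejected. The nonce binds the ID token to the client's own authorization
// request, so a token replayed from elsewhere will not match the stored value.
function checkIdTokenNonce(
  idToken: string,
  storedNonce: string | null,
  opts: NonceCheckOptions = {},
): string | null {
  const claims = decodeJwtPayload(idToken);
  if (opts.disableNonceCheck) return null; // e2e-only escape hatch
  if (typeof claims['nonce'] !== 'string') return 'nonce claim missing';
  if (storedNonce === null) return 'no nonce stored for this session';
  if (claims['nonce'] !== storedNonce) return 'nonce mismatch';
  return null;
}

function base64url(s: string): string {
  return Buffer.from(s, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Constructed, unsigned fixtures: header and signature segments are placeholders.
const HEADER = base64url(JSON.stringify({ alg: 'none', typ: 'JWT' }));
// Code Flow: the IdP echoes the nonce the client sent in the authorization request.
const CODE_FLOW_TOKEN =
  `${HEADER}.${base64url(JSON.stringify({ sub: 'bob', nonce: 'n-123' }))}.sig`;
// Password grant: no authorization request, hence no nonce claim.
const PASSWORD_FLOW_TOKEN =
  `${HEADER}.${base64url(JSON.stringify({ sub: 'bob' }))}.sig`;
```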

@jeroenheijmans jeroenheijmans added the investigation-needed Indication that the maintainer or involved community members may need to investigate more. label Aug 4, 2019
@manfredsteyer manfredsteyer added the pr-welcome We'd welcome a PR to solve the issue. label Mar 23, 2020
@jeroenheijmans jeroenheijmans added the password-flow Issues specific to the (Resource Owner) Password flow label Aug 3, 2020
@jeroenheijmans (Collaborator)

On a related side note, I recently implemented e2e tests that use Code Flow and log in. You can check my sample e2e tests, maybe it'll help you?

The gist of it would be these specs:

```ts
import { browser } from 'protractor';
// Module paths for the Page Objects below are assumed.
import { AppPage } from './app.po';
import { DemoIdentityServer4Page } from './demo-ids4.po';

describe('login via Code Flow', () => {
  let appPage: AppPage;
  let ids4Page: DemoIdentityServer4Page;

  beforeEach(() => {
    appPage = new AppPage();
    ids4Page = new DemoIdentityServer4Page();
  });

  it('should start at home', async () => {
    await appPage.navigateTo();
    expect(await appPage.getTitleText()).toEqual('Welcome');
  });

  it('should be able to navigate to IDS4', async () => {
    await appPage.clickLoginButton();
    // The IdP login page is not an Angular app, so stop waiting for Angular.
    browser.waitForAngularEnabled(false);
    expect(await ids4Page.isReadyForLoginInputs()).toBe(true);
  });

  it('should be able to log in on IDS4', async () => {
    await ids4Page.enterCredentials('bob', 'bob');
    // Back in the Angular app after the redirect.
    browser.waitForAngularEnabled(true);
  });

  it('should have silently refreshed and show being logged in', async () => {
    expect(await appPage.getEmailText()).toBe('[email protected]');
  });
});
```

Based on these Page Objects:

```ts
import { browser, by, element } from 'protractor';

// Page Object for the IdentityServer4 demo login page.
export class DemoIdentityServer4Page {
  isReadyForLoginInputs(): Promise<boolean> {
    return element(by.css('input#Username')).isPresent() as Promise<boolean>;
  }

  async enterCredentials(user: string, password: string): Promise<void> {
    await element(by.css('input#Username')).sendKeys(user);
    await element(by.css('input#Password')).sendKeys(password);
    await element(by.css('button[value=login]')).click();
  }
}

// Page Object for the Angular sample app.
export class AppPage {
  navigateTo(): Promise<unknown> {
    return browser.get(browser.baseUrl) as Promise<unknown>;
  }

  getTitleText(): Promise<string> {
    return element(by.css('h1')).getText() as Promise<string>;
  }

  clickLoginButton(): Promise<void> {
    return element(by.cssContainingText('.btn', 'login'))
      .click() as Promise<void>;
  }

  getEmailText(): Promise<string> {
    return element(by.css('#email')).getText() as Promise<string>;
  }
}
```

I guess you could take a similar approach with Password Flow?

manfredsteyer added a commit that referenced this issue Jul 16, 2021
fix: Disable nonce validation for id token for e2e tests