-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handling authorization when testing against API #2
Comments
|
That's a great feature 馃敟馃殌 which is not necessarily related to auth. I guess it's feasible for some of the tests (black-box tests) as those who are utilizing test doubles or alter the config (grey-box tests) won't be able to run against remote env. How can we separate between the two? Probably need to tag the black-box tests + make the URL inference dynamic, not always work against localhost rather make this configurable. I would also add this to our features list in the home page.
Not sure I followed, could you clarify? |
@goldbergyoni For example, if you use Apigee, the authorization step happens before the request get to the service, so you can just send a mocked Authorization header |
@mikicho What is a mocked auth header? I guess you refer to API gateways which accept a valid token I'm asking to ensure I don't miss a bit |
@goldbergyoni mocked auth header is jwt for example. If you sever doesn't verify it (because this is happening before the request hit your sever) you can send whatever value you want |
@jhenaoz @Thormod @mikicho
I picked this topic as my first challenge. Before I code anything, I'd like to hear your thoughts 馃敟
The challenge:
Solutions (not all of them are good, just stating the options):
The text was updated successfully, but these errors were encountered: