
I have an API locked down by Azure B2C. Everything is configured correctly for my client app that consumes this API. My question relates to the integration tests that accompany the API. While it's pretty obvious that authentication triggers a UI to sign in, how would one go about requesting a token for test cases that require authentication without popping a UI up?

Right now I have to have a utility that allows me to grab an access token (by popping up a UI) and then use that in my test project. Ultimately it expires so all the tests fail. This makes sense but I'm wondering if anyone has come up with a way to automate the process of acquiring tokens using this library so that the test cases can acquire them without popping up a UI. Screen scraper?

Geekn
  • Have you granted web app permissions to your web API? – Wayne Yang Oct 16 '17 at 03:03
  • Sorry...I'm not quite sure what you mean. I've implemented the exact same solution as outlined in the article: https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop if that helps. I can do whatever is needed if you have an idea of how to automate the acquiring of an access token for XUnit integration tests without any user interaction. – Geekn Oct 16 '17 at 03:07
  • Sorry for my unclear comment. I thought that you were referring to this document: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-access-tokens . – Wayne Yang Oct 16 '17 at 03:13

1 Answer


It looks like you want the Resource Owner Password Grant Flow. B2C does not officially support this, but Azure Active Directory does.

Read these: Can I use "Resource Owner Password Grant" flow with Azure AD B2C

https://blogs.msdn.microsoft.com/wushuai/2016/09/25/resource-owner-password-credentials-grant-in-azure-ad-oauth/

Note that in the scenarios where B2C is simply acting like AAD (local accounts), you can use this flow. But for other social identity providers like Facebook and Google, you cannot use this flow.

I like your original method which is to generate an access token outside the app, and paste it in. I recommend adding to that the Refresh Token you got, and code to acquire a new token using an existing refresh token. Something like this.

Let me know if this helps.

Shawn Tabrizi
  • Ahh...that makes sense and I also understand that flow wouldn't work for social accounts. Before we transitioned to B2C, we used a regular local account with aspnet core identity and essentially did the same thing to get our json token. Appreciate the quick feedback. Cheers! – Geekn Oct 16 '17 at 12:13
  • I also voted for that feature too ; ) Looks like you guys already had that in the works a few months ago. – Geekn Oct 16 '17 at 12:17
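
The refresh-token approach suggested in the answer above, as an added example that is not code from the thread or the linked sample: a test helper that redeems a stored refresh token with the standard OAuth 2.0 `refresh_token` grant, so tests get a fresh access token with no sign-in UI. The class name `TestTokenProvider` and the `TEST_*` environment variable names are assumptions; the token endpoint is the one your B2C policy's metadata advertises.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
// Hypothetical test helper (not from the thread): caches an access token and
// renews it from a refresh token, so no interactive sign-in is needed.
public sealed class TestTokenProvider
{
    private static readonly HttpClient Http = new HttpClient();
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    // Assumed variable names; fill them from the CI secret store, never from source control.
    private readonly string _endpoint = Env("TEST_TOKEN_ENDPOINT");
    private readonly string _clientId = Env("TEST_CLIENT_ID");
    private readonly string _scope = Env("TEST_SCOPE");
    private string _refreshToken = Env("TEST_REFRESH_TOKEN");
    private string _accessToken;
    private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;

    private static string Env(string name) => Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing environment variable {name}");
    public async Task<string> GetAccessTokenAsync()
    {
        await _gate.WaitAsync(); // one refresh at a time, even when tests run in parallel
        try
        {
            if (_accessToken != null && DateTimeOffset.UtcNow.AddMinutes(2) < _expiresAt)
                return _accessToken; // cached token is still valid for at least two minutes
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "refresh_token", ["client_id"] = _clientId,
                ["scope"] = _scope, ["refresh_token"] = _refreshToken,
            });
            using var response = await Http.PostAsync(_endpoint, form);
            if (!response.IsSuccessStatusCode) // fail fast; do not log the body or any token
                throw new InvalidOperationException($"Token refresh failed: HTTP {(int)response.StatusCode}");
            using var doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
            var root = doc.RootElement;
            var exp = root.GetProperty("expires_in"); // a number, or a string on some endpoints
            var seconds = exp.ValueKind == JsonValueKind.String ? int.Parse(exp.GetString()) : exp.GetInt32();
            _accessToken = root.GetProperty("access_token").GetString();
            _expiresAt = DateTimeOffset.UtcNow.AddSeconds(seconds);
            // The server may rotate the refresh token; keep the newest one for the next call.
            if (root.TryGetProperty("refresh_token", out var rt)) _refreshToken = rt.GetString();
            return _accessToken;
        }
        finally { _gate.Release(); }
    }
}
```

Share one instance across the test run (for example through an xUnit collection fixture) and set the returned value as the `Authorization: Bearer` header. The stored refresh token is a long-lived credential, so tie it to a dedicated test account that can reach test data only.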