1

Problem:

As per Auth0 below are the prerequisite for Auth0

Prerequisites
Register your app with Auth0. To learn more, read Register Regular Web Applications.

Select Regular Web App as the Application Type. (Done)

Add an Allowed Callback URL of https://YOUR_APP/callback. (This part I am not able to find and question is related to this that what is the call back URL in karate?)

Make sure your application's Grant Types include Authorization Code. To learn more, read Update Grant Types. (Done)

Below are the details how this Auth0 API will be authenticated.

  1. Authorization API is called to generate code.
  2. Token API is then called with the code generated at step 1 in order to exchange code for token.

Both of above APIs require a redirect URL of the calling application like we have in Postman as can be seen in below image. What is the redirect URL that can be provided in karate so once the token is generated it gets redirected to karate and token is shown there in response.

enter image description here

Maddy
  • 674
  • 1
  • 7
  • 26
  • as far as I know, this means you have to "own" a REST end point. this may not be easy. try to get help if needed. all the information you need is here: https://stackoverflow.com/a/69406420/143475 (p.s. maybe you should just use P*stman ;) – Peter Thomas Dec 12 '21 at 18:22
  • It would be great if this can be catered as an enhancement in karate @PeterThomas. As Auth0 is a requirement for many people these days. I have seen many similar questions on Stackoverflow but no solution by anyone. As the API invokes a browser so yes Postman can't automate that that's why we picked Karate as automating UI and API can be done via one tool and we are liking this tool a lot. It would be great if you can consider this as an enhancement. – Maddy Dec 12 '21 at 23:04
  • 1
    I disagree. Auth0 is nothing but yet another API. Karate has all the ingredients you need, an API client and an API server. yes, you need to do some work to put it together. I also said that for ease of testing you should try to avoid any browser flows, which should be possible because finally everything is nothing but an API call. if you like this tool a lot, kindly contribute code, or convince someone you know to do it. – Peter Thomas Dec 13 '21 at 04:40

0 Answers0