Disable nonce validation for id token for e2e tests

[xiananfan]

Hi,

I am trying to setup e2e tests for login. Instead of actually go through the login dialog, I am trying to use "resource owner password" grant type to get the access token and id token. However, the id token got using password grant type does not contain "nonce" as one of the claims in the JWT.

In the code here, it will fail the id token validation, and won't store the id token in the local storage.

In the "LoginOptions", there is a "disableOauth2StateCheck" flag, but this flag does not turn off nonce check. Is it possible to add a similar flag to disable nonce check for e2e tests only?

Reference: https://auth0.com/blog/end-to-end-testing-with-cypress-and-auth0/

Thanks,
Xianan

[jeroenheijmans]

On a related side note, I recently implemented e2e tests that use Code Flow and it logs in. You can check my sample e2e tests, maybe it'll help you?

The gist of it would be these specs:

  beforeEach(() => {
    appPage = new AppPage();
    ids4Page = new DemoIdentityServer4Page();
  });

  it('should start at home', async () => {
    await appPage.navigateTo();
    expect(await appPage.getTitleText()).toEqual('Welcome');
  });

  it('should be able to navigate to IDS4', async () => {
    await appPage.clickLoginButton();
    browser.waitForAngularEnabled(false);
    expect(await ids4Page.isReadyForLoginInputs()).toBe(true);
  });

  it('should be able to log in on IDS4', async () => {
    await ids4Page.enterCredentials('bob', 'bob');
    browser.waitForAngularEnabled(true);
  });

  it('should have silently refreshed and show being logged in', async () => {
    expect(await appPage.getEmailText()).toBe('BobSmith@email.com');
  });

Based on these Page Objects:

export class DemoIdentityServer4Page {
  isReadyForLoginInputs(): Promise<boolean> {
    return element(by.css('input#Username')).isPresent() as Promise<boolean>;
  }

  async enterCredentials(user: string, password: string): Promise<void> {
    await element(by.css('input#Username')).sendKeys(user);
    await element(by.css('input#Password')).sendKeys(password);
    await element(by.css('button[value=login]')).click();
  }
}

export class AppPage {
  navigateTo(): Promise<unknown> {
    return browser.get(browser.baseUrl) as Promise<unknown>;
  }

  getTitleText(): Promise<string> {
    return element(by.css('h1')).getText() as Promise<string>;
  }

  clickLoginButton(): Promise<void> {
    return element(by.cssContainingText('.btn', 'login'))
      .click() as Promise<void>;
  }

  getEmailText(): Promise<string> {
    return element(by.css('#email')).getText() as Promise<string>;
  }
}

I guess you could take a similar approach with Password Flow?