Friday 22 February 2019

Testing OAuth2-protected API endpoints, is it even possible?

It seems that a lot of people worship test-driven development, and I think it's super helpful if you develop API endpoints. But I am just wondering how to deal with OAuth2-protected endpoints (e.g. protected with LinkedIn OAuth2). Mocking the OAuth2 provider would need to mock/rewrite the entire server app, and isolated unit tests without login state don't seem to be really helpful. Setting up browser tests with puppeteer simulating all the clicks through the site just to test some protected API endpoints feels like taking a sledgehammer to crack a nut (paired with the problem that it's not so easy to create test accounts on LinkedIn without getting flagged).

So, am I missing something? How do people deal with this? Is this entire thing about TDD/BDD just empty talk, with only basic stuff being tested (like the server responding with status 200)?

FYI, to get the auth code from the OAuth2 provider (e.g. LinkedIn) the user needs to go through the login flow. So, I don't see any way to just provide a given code while skipping the login.

Submitted February 22, 2019 at 06:45AM by desmap
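One common way around the problem described in the post, as an added example that is not part of the original post: keep the handler's token verification as an injected dependency, so the endpoint's authorization logic (missing token, bad token, wrong scope, success) can be unit-tested with a fake verifier, and only the verifier itself needs the real provider. The token strings, scope name `profile:read` and user records are constructed for this example.

```javascript
// Added example, not code from the original post: an API handler whose token
// verification is injected, so the endpoint can be tested without a real login.
// All tokens, scopes and user records below are constructed sample data.

// Parse "Authorization: Bearer <token>"; anything else is rejected.
function extractBearerToken(headers) {
  const value = headers.authorization || "";
  const match = /^Bearer\s+(\S+)$/.exec(value);
  return match ? match[1] : null;
}

// Factory: the verifier is the only piece that talks to the OAuth2 provider
// (token introspection / userinfo). In production it would be an HTTP call;
// it is kept synchronous here to keep the example short.
function makeProfileHandler(verifyToken, requiredScope = "profile:read") {
  return function handleGetProfile(req) {
    const token = extractBearerToken(req.headers);
    if (!token) {
      return { status: 401, body: { error: "missing or malformed bearer token" } };
    }
    const identity = verifyToken(token);
    if (!identity) {
      return { status: 401, body: { error: "invalid or expired token" } };
    }
    if (!identity.scopes.includes(requiredScope)) {
      return { status: 403, body: { error: `scope ${requiredScope} required` } };
    }
    // Only the claims the endpoint needs are echoed back.
    return { status: 200, body: { id: identity.sub, name: identity.name } };
  };
}

// Test double standing in for the provider: a fixed table of token -> identity.
function makeFakeVerifier(table) {
  return (token) =>
    Object.prototype.hasOwnProperty.call(table, token) ? table[token] : null;
}

// Constructed fixtures: one token with the right scope, one without.
const FIXTURES = {
  "tok-alice": { sub: "u-1", name: "Alice", scopes: ["profile:read"] },
  "tok-bob": { sub: "u-2", name: "Bob", scopes: ["email"] },
};

const handler = makeProfileHandler(makeFakeVerifier(FIXTURES));

// Helper that builds a minimal request object with the given Authorization header.
function request(authorization) {
  return handler({ headers: authorization ? { authorization } : {} });
}
```

Swapping `makeFakeVerifier(FIXTURES)` for a verifier that calls the provider's introspection endpoint gives the production wiring; the handler and its tests stay unchanged.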
