end to end testing

[qballer]

I would like to write an end to end test that would sign in to google once on every release of my codebase. Is there a way for to get google test accounts? any recommendation to test that integration with google sign in works?

[JustinBeckwith]

I have a sample of this over in #265 :)

[qballer]

Hi @JustinBeckwith, thanks a lot for the example. A couple of comments:

1. from what I understand google will show you captcha's eventually when running client side scripts on login. There is no way to declare a user as test user (facebook for example provides this)
2. I'm also wondering in regards to server side of this test. when A server gets request he would like to verify the signIn, that is the major issue I have with testing right now. Should have been more clear about it. I'm sure that example will help others as well though.

[JustinBeckwith]

1. from what I understand google will show you captcha's eventually when running client side scripts on login. There is no way to declare a user as test user (facebook for example provides this)

Is this something you're currently running into? I never hit it with my testing, and there doesn't seem to be many complaints about it out there. If you have a site using the reCaptcha service, there is a known work around for this: https://developers.google.com/recaptcha/docs/faq#id-like-to-run-automated-tests-with-recaptcha-v2-what-should-i-do

My suggestion - try this out, and if you run into issues, I can pull in the right folks :)

2. I'm also wondering in regards to server side of this test. when A server gets request he would like to verify the signIn, that is the major issue I have with testing right now. Should have been more clear about it. I'm sure that example will help others as well though.

Apologies, I don't entirely understand this question. Just to be clear - we're talking about an OAuth2 workflow, right? If you're just looking for idToken verification, we have an example of that here :) https://github.com/google/google-auth-library-nodejs/blob/master/examples/verifyIdToken.js#L33

Hope this helps!

[JustinBeckwith]

For now, I'm going to go ahead and close this out. If there are still specific issues you run into - please do chime in! Happy to help :)

[skeggse]

It's nice to see interest from Google staff on this topic! We've wanted to have better end-to-end testing, and have been stonewalled when attempting to devise automated means to fetch a refresh token for application testing. In particular, the Google authentication page will eventually start requiring a captcha check and/or second-factor authentication (e.g. phone number, even if disabled). Best I can figure, this isn't a supported use-case - I imagine the authentication page is specifically built to resist automated login attempts, meaning that our attempts to automate logins for automated testing will eventually fail. Are there any workarounds for this, or any supported workflows for working with test applications?

[JustinBeckwith]

Yeah, sadly I don't have any insight into the particulars of the Google sign-on page itself, and how they manage all of the captcha stuff ☹️ All I can really speak for here are the underlying auth APIs and the node library on top of it.