It seems that a lot of people worship test-driven development and I think it super helpful if you develop API endpoints. But I am just wondering how to deal with OAuth2-protected calls/endpoints (eg. Linkedin). Mocking the OAuth2 provider would need to mock/rewrite the entire server app, isolated unit tests without login state don't seem to be really helpful. Setting up browser tests with puppeteer simulating all the clicks through the site just to test some protected API endpoints feels like taking a sledgehammer to crack a nut.
So, do I miss something? How do people deal with this? Is this entire thing about testing just empty talk and only basic stuff is being tested (like the server responds status 200)?
FYI, to get the auth code from the OAuth2 provider (e.g. LinkedIn) the user needs to go through the login flow. So, I don't see any way how to just provide a given code while skipping the login.
Aucun commentaire:
Enregistrer un commentaire