{"id":30213581,"url":"https://github.com/davidcollom/auth0-jwt-e2e-test","last_synced_at":"2025-08-13T23:12:55.297Z","repository":{"id":308600882,"uuid":"1033400569","full_name":"davidcollom/auth0-jwt-e2e-test","owner":"davidcollom","description":null,"archived":false,"fork":false,"pushed_at":"2025-08-06T20:33:32.000Z","size":29,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-06T21:09:10.903Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davidcollom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"davidcollom","custom":["https://monzo.me/davidcollom"]}},"created_at":"2025-08-06T18:54:11.000Z","updated_at":"2025-08-06T20:33:35.000Z","dependencies_parsed_at":"2025-08-06T21:09:19.189Z","dependency_job_id":"d19e5500-92de-4d48-9ed8-43eb20109b5c","html_url":"https://github.com/davidcollom/auth0-jwt-e2e-test","commit_stats":null,"previous_names":["davidcollom/auth0-jwt-e2e-test"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/davidcollom/auth0-jwt-e2e-test","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidcollom%2Fauth0-jwt-e2e-test","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidcollom%2Fauth0-jwt-e2e-test/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidcollom%2Fauth0-jwt-e2e-test/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidcollom%2Fauth0-jwt-e2e-test/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davidcollom","download_url":"https://codeload.github.com/davidcollom/auth0-jwt-e2e-test/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidcollom%2Fauth0-jwt-e2e-test/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270330595,"owners_count":24565816,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-13T02:00:09.904Z","response_time":66,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-08-13T23:12:53.255Z","updated_at":"2025-08-13T23:12:55.272Z","avatar_url":"https://github.com/davidcollom.png","language":"Go","funding_links":["https://github.com/sponsors/davidcollom","https://monzo.me/davidcollom"],"categories":[],"sub_categories":[],"readme":"# Auth0 JWT E2E Test\n\n\u003e **⚠️ This is a \"Hack Together Demo\"** - A quick and dirty end-to-end testing framework for Auth0 JWT authentication flows. Use at your own risk and adapt as needed!\n\n## What is this?\n\nThis repository contains a Go-based end-to-end testing framework that demonstrates how to:\n\n1. **Programmatically create Auth0 applications** using the Auth0 Management API\n2. **Generate JWT tokens** using OAuth2 client credentials flow\n3. **Test authentication flows** using automated browser testing with ChromeDP\n4. **Clean up resources** automatically after testing\n\nThe demo uses [httpbin.org](https://httpbin.org) as a test endpoint to validate JWT token authentication in a real browser environment.\n\n## How it works\n\n### Test Flow\n1. **Setup**: Creates a machine-to-machine Auth0 application with client credentials\n2. **Token Generation**: Requests a JWT token using OAuth2 client credentials flow\n3. **Browser Testing**: Uses ChromeDP to navigate to `/bearer` endpoint with the JWT token\n4. **Validation**: Verifies the authentication response and token presence\n5. **Cleanup**: Automatically deletes the created Auth0 application\n\n### Key Components\n- `main_test.go` - Main test orchestration and Auth0 app lifecycle management\n- `helpers_test.go` - OAuth2 token generation utilities\n- `browser_test.go` - ChromeDP browser automation for authentication testing\n- `main.go` - Placeholder main function (tests handle everything)\n\n## Prerequisites\n\n### Auth0 Setup\nBefore running these tests, you need to configure Auth0 Management API access:\n\n#### 1. Create a Machine-to-Machine Application\n1. Go to your [Auth0 Dashboard](https://manage.auth0.com/)\n2. Navigate to **Applications** → **Create Application**\n3. Choose **Machine to Machine Applications**\n4. Select your **Auth0 Management API**\n5. Grant the following scopes:\n   - `read:clients`\n   - `create:clients`\n   - `delete:clients`\n   - `create:client_grants`\n   - `read:client_grants`\n\n#### 2. Get Your Credentials\nFrom your newly created M2M application, copy:\n- **Domain** (e.g., `dev-xxxxx.auth0.com`)\n- **Client ID**\n- **Client Secret**\n\n### Local Environment\n- **Go 1.24.4+** (check with `go version`)\n- **Chrome/Chromium** browser (for ChromeDP)\n\n## Installation \u0026 Setup\n\n1. **Clone and navigate to the repository:**\n   ```bash\n   git clone \u003crepository-url\u003e\n   cd auth0-jwt-e2e-test\n   ```\n\n2. **Install dependencies:**\n   ```bash\n   go mod tidy\n   ```\n\n3. **Create environment file:**\n   ```bash\n   cp .env.example .env  # if you have an example, or create manually\n   ```\n\n4. **Configure environment variables in `.env`:**\n   ```env\n   AUTH0_DOMAIN=your-tenant.auth0.com\n   AUTH0_MANAGEMENT_CLIENT_ID=your_management_client_id\n   AUTH0_MANAGEMENT_CLIENT_SECRET=your_management_client_secret\n   ```\n\n## Usage\n\n### Run All Tests\n```bash\ngo test -v\n```\n\n### Run Specific Tests\n```bash\n# Test only the browser authentication flow\ngo test -v -run TestHomepage\n\n# Run with more detailed logging\ngo test -v -count=1\n```\n\n### What You'll See\nThe tests will output logs showing:\n- ✅ Auth0 Management Client creation\n- 🧪 Test application creation with client credentials\n- 🔑 JWT token generation\n- 🌐 Browser navigation and authentication testing\n- 🧹 Automatic cleanup of created resources\n\n## Expected Output\n\n```\n=== RUN   TestMain\nAuth0 Management Client created successfully\nChecking for existing clients...\nExisting clients: X\n🧪 Created app: ID=abc123, secret=xyz789\nCreating client grant for the app...\nJWT Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIs...\nOAuth2 token retrieved successfully\nAuth0 App created. Starting tests...\n\n=== RUN   TestHomepage\nStarting homepage test...\nBeginning capture setup\nEventRequestWillBeSent: request-123: https://httpbin.org/bearer\nEventLoadingFinished: request-123\n✅ JSON body from /bearer: {\"authenticated\":true,\"token\":\"eyJ0eXAi...\"}\n\nTests completed. Exiting...\n✅ Deleted test client\n```\n\n## Configuration\n\n### Environment Variables\n| Variable | Description | Example |\n|----------|-------------|---------|\n| `AUTH0_DOMAIN` | Your Auth0 tenant domain | `dev-abc123.auth0.com` |\n| `AUTH0_MANAGEMENT_CLIENT_ID` | Management API client ID | `AbC123dEf456GhI789` |\n| `AUTH0_MANAGEMENT_CLIENT_SECRET` | Management API client secret | `your-secret-here` |\n\n### Customization\n- **Change test endpoint**: Modify `BaseURL` in `browser_test.go`\n- **Add more scopes**: Update the `Scope` array in `main_test.go`\n- **Extend browser tests**: Add more test functions in `browser_test.go`\n\n## Troubleshooting\n\n### Common Issues\n\n1. **\"failed to create management client\"**\n   - Check your Auth0 domain format (should include `.auth0.com`)\n   - Verify client ID and secret are correct\n\n2. **\"failed to create client\"**\n   - Ensure your Management API application has `create:clients` scope\n   - Check if you've hit Auth0 application limits\n\n3. **\"failed to get OAuth2 token\"**\n   - Verify the created app has proper audience configuration\n   - Check if client grants were created successfully\n\n4. **Browser tests fail**\n   - Ensure Chrome/Chromium is installed and accessible\n   - Check if the target endpoint is reachable\n\n### Debug Mode\nAdd more verbose logging:\n```bash\nexport DEBUG=1\ngo test -v -count=1\n```\n\n## Security Considerations\n\n⚠️ **Important Security Notes:**\n- Never commit `.env` files to version control\n- Use different Auth0 tenants for testing vs production\n- Regularly rotate Management API credentials\n- Consider using Auth0 Deploy CLI for production automation\n\n## Contributing\n\nThis is a hack demo, but improvements are welcome! Feel free to:\n- Add more comprehensive test scenarios\n- Improve error handling\n- Add CI/CD pipeline examples\n- Extend browser automation coverage\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n**TL;DR**: Do whatever you want with this code, no guarantees provided! 🤷‍♂️\n\n---\n\n**Remember: This is a demonstration project.** Adapt the code patterns and security practices to fit your specific production requirements.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidcollom%2Fauth0-jwt-e2e-test","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavidcollom%2Fauth0-jwt-e2e-test","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidcollom%2Fauth0-jwt-e2e-test/lists"}