BFF integration testing: advice on configuring Identity Server and BFF

[bamarch]

Hi, I was hoping if you could please offer some tips on integration testing authenticated routes for our project using BFF

I'm just looking for an MvP where we are able to generate a valid token using a test instance of Identity Server and then make some requests to authenticated BFF routes

I've been looking at https://github.com/DuendeSoftware/products/blob/main/bff/test/Bff.Tests/TestInfra/IdentityServerTestHost.cs and trying to understand the core aspects of how Duende is able to login during tests

Please could you confirm if I've got the correct understanding of how this works?

• Configure an HttpClient with CookieContainer that follows redirects to act as our "browser"

• Initialise a testing Identity Server with the following customisation

  • UserToSignIn field of type ClaimsPrincipal
  • /account/login endpoint specified via mapGet that does SignInAsync(UserToSignIn, props); i.e. it performs no validation of the client, it just returns a token for the preconfigured UserToSignIn using the default authentication scheme and redirects back to the BFF

• Use the "browser" client to call /bff/login, it will redirect to Identity Server /account/login endpoint where the mapGet endpoint takes precedence over the default one

• Identity Server will issue a token for UserToSignIn, BFF will create a session and issues a cookie that is stored in the "browser" HttpClient

• Now we can use the "browser" HttpClient to make authenticated requests to our BFF

Many many thanks

Ben

[maartenba]

Hi @bamarch, that seems like a proper analysis indeed. Note this code is not immediately intended to fit all scenarios you may have, but can probably serve as a good base for your solution.

I also recently discovered https://github.com/alsami/alsami.Duende.IdentityServer.AspNetCore.Testing/blob/main/docs/IdentityServerTestWebHostBuilder.md which is a library that can also set up a test IdentityServer host. May be worth looking into as well.