ruby on rails - How to write tests against code requiring remote OAuth? -

i have code uses api push data remote third-party service.

in actual use, needs oauth-generated credentials push api endpoint. that's working, when user pushes 'export' button, redirect them through oauth flow, come back, we've got token, push data (probably in bg job, has it's own potential problems, that's not focus of question), great.

but how write automated test functionality? don't have oauth credentials @ test time, , don't know if there's way them.

i could web scrape fake user login real third-party service, seems ugly. skip actual "prove pushes test", , test request i'm going send looks right, i'd love have automated test proving succesfully push, in case third party changes things. would record "vcr" avoid slow network requests each time, that's not issue either (unless because it'll make things harder...)

in case, third-party api uses oauth 1.0a, if matters.

any ideas or solutions? thing?

omniauth has built in test mode can used short-circuit actual requests.

omniauth.config.test_mode = true 

you can simulate failure with:

omniauth.config.mock_auth[:some_provider] = :invalid_credentials 

or setup response with:

omniauth.config.add_mock(:some_provider, {:uid => '12345'}) 

you in tests cover authentication system, such callbackscontroller or integration tests cover sign in path.

for else stub out authentication system current_user returns fixture (or factory) when there should authenticated user. lot faster each integration test retesting same sign pathway. (click "sign in" ...)

if using warden or devise have built in test helpers this.

you record vcr, introduces issues of cassettes might potentially contain sensitive information , how should shared between developers.

usually testing against actual provider more of omniauth strategy author concern don't need worry unless creating strategy obscure oauth provider or creating oauth service of own. if using facebook, twitter or 1 of other big boys not concern.

see also:

• https://github.com/intridea/omniauth/wiki/integration-testing
• https://github.com/plataformatec/devise/wiki/how-to:-test-with-capybara
• https://github.com/hassox/warden/wiki/testing

this example of integration test project uses omniauth-flickr:

require 'rails_helper' require 'support/omniauth'  rspec.feature 'flickr authentication'    let(:t) { i18n.t }   let(:sign_in_via_flickr)     visit root_path     click_link t('sessions.menu.sign_in_with_flickr')   end    context 'with successfull flickr auth'     before        # mock_auth_hash helper returns big hash of fake user data        omniauth.config.add_mock(:flickr, mock_auth_hash)        omniauth.config.mock_auth[:flickr]     end     scenario 'when click log in, should logged in via flickr'       sign_in_via_flickr       expect(page).to have_content t('sessions.flash.you_have_been_signed_in')     end     scenario 'i should logged out'       sign_in_via_flickr       click_link(t('sessions.menu.sign_out'))       expect(page).to have_content t('sessions.flash.you_have_been_signed_out')     end   end   context 'with failed authentication'     before       omniauth.config.mock_auth[:flickr] = :invalid_credentials     end     scenario 'i should notified sign in failed'       sign_in_via_flickr       expect(page).to have_content t('auth.failure.flashes.invalid_credentials')     end     scenario 'i should not logged in'       sign_in_via_flickr       expect(page).to_not have_content(t('sessions.flash.you_have_been_signed_in'))       expect(page).to_not have_link(t('sessions.menu.sign_out'))     end   end end