Preliminary oauth testing documentation - will put on wiki.
This commit is contained in:
Steven Miers
parent
062740422a
commit
0d1baacff7
|
|
@ -0,0 +1,19 @@
|
|||
For access to the youtube and google APIs, we need an access_token
|
||||
|
||||
To obtain an access token, one must actually log into google using a browser running javascript. This redirects to the URL specified, as long as it is specified in the oauth configuration.
|
||||
|
||||
Getting an access token for the purposes of automated testing is tricky, but possible using Capybara with a javascript-enabled driver. (Note, web/spec/support/utilities.rb utilizes the JK youtube client to perform the intricate bits):
|
||||
|
||||
1) Obtain the login URL. It's ugly, but we can get it from the YouTubeClient. It contains the callback URL, as well as a "hint" that will fill in the username for us.
|
||||
2) Start a web server on an enabled callback server, such as localhost:3000
|
||||
3) Obtain the URL using a known test user
|
||||
4) Visit the URL in a capybara test
|
||||
4a) Fill in password with the right value
|
||||
4b) Click the login button
|
||||
4c) The approve page should load. Wait for the approve button to be enabled. This is usually a second or two after the page loads, but not immediately.
|
||||
4d) Click the approve button
|
||||
5) After google approves, some javascript will redirect to our test web server, which contains a code. This is not the access_token, but a one-time code that can be exchanged for an access_token, again POSTing to google's auth server. You can see it in gory detail in YouTubeClient.exchange_for_token.
|
||||
6) If all goes well, the test web server will call back the invoker with a real access token.
|
||||
7) For testing purposes, stick the access token in the user.user_authorizations table for the user for which we are testing.
|
||||
|
||||
|
||||
Loading…
Reference in New Issue