I am writing an integration test for the REST API protected by jwt . One API POST /user/token jwt returns jwt with username and password in mind, and this token is then used for a list of operations, such as:
GET /user/:id
If the route uses jwt({secret: secret.secretToken}) , then the token is included in the http Authorization header.
When testing with a supertest, I can have nested testing, but first I want to get a token, and then use this token for another work test.
POST /user/token => 12345 GET /user/:id, `Authorization Bearer 12345` GET /user/:foo, `Authorization Bearer 12345`
To avoid generating a new token for each operation test (see below), but use only one generated by POST / user / token.
it('should get a valid token for user: user1', function(done) { request(url) .post('/user/token') .send({ _id: user1._id, password: user1.password }) .expect(200) // created .end(function(err, res) { // test operation GET /user/:id
source share