We are developing a Node API which is used by a React SPA and uses access token auth. We aren’t much past the “Hello World” stage at the moment but already starting to think about testing the API and full stack integration tests.
For development testing we can probably stub the JWT verifier but for our CI environment we ideally want real authentication. What is the best practice for this? - e.g. is it sensible to create separate API and SPA app instances and test user accounts in Okta just for this purpose and have some hook code which runs before the test suite to get an access token for the test user when testing the API alone (without the SPA)?
Thanks in advance.