Not sure what language you’re writing your tests in, but here’s an example for Node.js:
const fetch = require('isomorphic-fetch');
const DOMAIN = 'yourOktaDomain';
const CLIENT_ID = 'sampleClientId';
const REDIRECT_URI = 'http://localhost:3000/implicit/callback'; // or your redirect_uri
const TEST_USERNAME = 'sampleUser';
const TEST_PASSWORD = 'samplePass';
(async () => {
// Make a call to the authn api to get a sessionToken
const authnRes = await fetch(`${DOMAIN}/api/v1/authn`, {
method: 'POST',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: JSON.stringify({
username: TEST_USERNAME,
password: TEST_PASSWORD
})
});
const trans = await authnRes.json();
// Send the session token as a query param in a GET request to the authorize api
const authorizeRes = await fetch(
`${DOMAIN}/oauth2/default/v1/authorize?` +
'response_type=token&' +
'scope=openid&' +
'state=TEST&' +
'nonce=TEST&' +
`client_id=${CLIENT_ID}&` +
`redirect_uri=${REDIRECT_URI}&` +
`sessionToken=${trans.sessionToken}`);
// Parse access_token from url
console.log(authorizeRes.url);
})();