The webfakes package comes with two fake apps that allow to imitate the
OAuth2.0 flow in your test cases. (See Aaron Parecki’s tutorial for a good
introduction to OAuth2.0.) One app (
oauth2_resource_app()) is the API
server that serves both as the resource and provides authorization.
oauth2_third_party_app() plays the role of the third-party app. They
are useful when testing or demonstrating code handling OAuth2.0
authorization, token caching, etc. in a package. The apps can be used in
your tests directly, or you could adapt one or both of them to better
mimic a particular OAuth2.0 flow.
oauth2_third_party_app(name = "Third-Party app")
Name of the third-party app
POST /login/config Use this endpoint to configure the client ID
and the client secret of the app, received from
oauth2_resource_app() (or another resource app). You need to
send in a JSON or URL encoded body:
auth_url, the authorization URL of the resource app.
token_url, the token URL of the resource app.
client_id, the client ID, received from the resource app.
client_secret the client secret, received from the resource
GET /login Use this endpoint to start the login process. It
will redirect to the resource app for authorization and after the
OAuth2.0 dance to
POST /login/redirect This is the
redirect URI of the third party app. (Some HTTP clients redirect
POST to a
GET, others don't, so it has both.) This endpoint
is used by the resource app, and it received the
code that can
be exchanged to an access token and the
state which was
/login. It contacts the resource app to get an
access token, and then stores the token in its
local variables. It fails with HTTP code 500 if it cannot obtain
an access token. On success it returns a JSON dictionary with
refresh_token (optionally) by
default. This behavior can be changed by redefining the
GET /locals returns the tokens that were obtained from the
GET /data is an endpoint that uses the obtained token(s) to
connect to the
/data endpoint of the resource app. The
endpoint of the resource app needs authorization. It responds
with the response of the resource app. It tries to refresh the
access token of the app if needed.
For more details see
vignette("oauth", package = "webfakes").