Support the ongoing development of Laravel.io →
Authentication Security

I have 2 Laravel 4 apps built as APIs. Currently, they are protected with a custom auth driver that contacts a Windows Active Directory service we built. Once our users log in, they get the Laravel cookie that can be passed from one API to another, and everything works fine.

The problem is that when we want to do our integration testing and run a test on one API that calls another API, we have no means of "logging in" and creating the cookie that our frontend normally initiates. My first thought was to modify the filter on the API routes to allow for either our existing authentication OR basic auth, and then when API1 calls API2 for testing, it'd just provide a "test" usename/pwd...but then we have to hardcode credentials into our tests which seems insecure.

How can we automate our integration tests across multiple APIs and still deal with the API's auth?

Last updated 2 years ago.
0

We came up with the following solution in case anyone else has the same question. Because the app under test will be running on it's own testing server, we can just remove authentication altogether. We'll do this by creating 2 auth service providers--one for extending Auth with our real authentication driver and another for extending Auth with a dummy driver. Inside of an environment-specific config for the testing server, we'll register the dummy service provider whereas production will register the normal provider.

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

rms2219 rms2219 Joined 3 Feb 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2025 Laravel.io - All rights reserved.