Test Auth Protection

This section explains how to verify that your authentication checks are configured correctly.

🤔

Tests not working?

Need help? Contact our team, and we will work with you directly to resolve the issue.

The previous steps added authentication checks to protect specific frontend routes, components, and backend endpoints. Run the following tests to verify that these protections work as expected.

Test 1: Verify Frontend Blocks Unauthenticated Access

Protected frontend routes and components should prevent unauthenticated users from accessing restricted content. To verify this behavior, complete the following steps:

  1. Start the logout flow by entering the URL of your Logout Endpoint, such as (http://localhost:3001/auth/logout) in your browser's address bar, then press Enter.
  2. After the user is logged out, enter the URL of one of your application's protected routes in the browser's address bar, then press Enter.
  3. Verify that you are redirected to your application's login page.

Test 2: Verify Backend Blocks Unauthenticated Access

Protected backend endpoints should return a 401 Unauthorized response when a request does not contain a valid session cookie.

To test this behavior:

  1. Use a tool such as cURL or Postman to send a request to a protected backend endpoint without including a valid session cookie.
  2. Verify that the endpoint returns a 401 Unauthorized response.

Test 3: Verify Authenticated Users Can Access Protected Pages

Next, test accessing a protected page as an authenticated user. In this scenario, the authentication check should pass, and the user should be able to access the page.

To test this behavior:

  1. Start the login flow by entering the URL of your Login Endpoint, such as hhttp://localhost:3001/auth/login, in your browser's address bar, then press Enter.
  2. Complete the login flow by entering your credentials when prompted.
  3. After authentication is complete, confirm that you are redirected back to your application.
  4. Access your application's protected pages.

If the tests above succeed, your authentication checks are working correctly.



What’s Next

Congratulations! Your application now properly enforces user authentication. But there’s still plenty more you can do with our platform - let’s explore!

Did this page help you?