Test Auth Protection
In this section, you'll run tests to verify that your authentication checks are set up correctly.
Tests not working?If you get stuck, contact us and our development team will work directly with you to get unblocked.
In the previous steps, you added checks to ensure that only authenticated users can access specific frontend routes, components, and backend endpoints. Now, let’s run a few quick tests to confirm that these protections are working as expected.
Test 1: Verify Frontend Blocks Unauthenticated Access
Protected frontend routes and components should not allow unauthenticated access. To test this functionality, please perform the following steps:
- First, ensure that your user does not have an active session. To do this, execute the logout flow by entering the URL of your Logout Endpoint (e.g.,
http://localhost:3001/auth/logout) into your browser's address bar and press Enter. - Now that your user has been logged out, enter the URL of one of your application's protected routes into the browser's address bar and press Enter.
- If your authentication checks are working correctly, you should be redirected to your application's login page.
Test 2: Verify Backend Blocks Unauthenticated Access
Protected backend endpoints should return a 401 Unauthorized response if the request doesn't contain a valid session cookie. To test this functionality, please perform the following steps:
- Use a tool like cURL or Postman to send a request to a protected backend endpoint; make sure not to include a valid session cookie in the request.
- Verify that the endpoint returns a
401 Unauthorizedresponse.
Test 3: Verify Authenticated Users Can Access Protected Pages
Now let's try accessing a protected page with an authenticated user. In this case, the authentication check should pass, and the user should be able to view the protected page. To test this functionality, please perform the following steps:
- First, ensure that the user is logged in by entering the URL of your Login Endpoint (e.g.,
http://localhost:3001/auth/login) into your browser's address bar and press Enter. - Complete the login flow by entering your credentials when prompted.
- After authenticating, you'll be redirected back to your application. At this point, you should be able to view any of your application's protected pages.
If the above tests succeed, then your authentication checks are working correctly! 🙌
Fantastic, auth checks are at full throttle!
Updated about 16 hours ago
Congratulations! Your application now properly enforces user authentication. But there’s still plenty more you can do with our platform - let’s explore!