Authentication Testing with JWT in Playwright

 Authentication Testing with JWT in Playwright

JWT (JSON Web Tokens) are widely used for stateless authentication in modern web apps. When testing applications that use JWT for authentication, Playwright offers tools to simulate login flows or directly inject JWT tokens to bypass the UI login process.


This guide walks you through both approaches using Playwright (with JavaScript/TypeScript or Python).


✅ What You'll Learn

How JWT-based authentication works


How to authenticate with JWT using Playwright


How to persist authentication for faster testing


1. Understanding JWT Authentication

In a typical JWT auth flow:


User logs in via a form


Backend responds with a JWT token


The token is saved in localStorage or a cookie


All future requests include the JWT (usually in the Authorization header or cookie)


2. Method 1: UI Login + Persist Auth (Best for End-to-End Testing)

๐Ÿ”ง Step-by-Step (JavaScript/TypeScript)

ts

Copy

Edit

// login.spec.ts

import { test, expect } from '@playwright/test';


test('Login and save state', async ({ page }) => {

  await page.goto('https://your-app.com/login');


  await page.fill('#username', 'testuser');

  await page.fill('#password', 'password123');

  await page.click('button[type="submit"]');


  await page.waitForURL('**/dashboard'); // wait for navigation after login


  // Save authentication state to a file

  await page.context().storageState({ path: 'auth.json' });

});

✅ Reuse Auth State in Other Tests

ts

Copy

Edit

test.use({ storageState: 'auth.json' });


test('Access protected page', async ({ page }) => {

  await page.goto('https://your-app.com/dashboard');

  await expect(page).toHaveURL('**/dashboard');

});

3. Method 2: Inject JWT Directly into LocalStorage (Fast, but Less Realistic)

If you already have a valid JWT (e.g., generated via API or hardcoded for test), you can inject it directly into the browser.


๐Ÿ”ง Example (JavaScript/TypeScript)

ts

Copy

Edit

test('Login by injecting JWT', async ({ page }) => {

  const jwt = 'your.jwt.token';


  await page.addInitScript(([token]) => {

    localStorage.setItem('auth_token', token);

  }, jwt);


  await page.goto('https://your-app.com/dashboard');

  await expect(page).toHaveText('Welcome');

});

Adjust the localStorage.setItem('auth_token', ...) key to match your app's actual storage key.


4. Python Example (Using Playwright-Python)

✅ Inject JWT into localStorage

python

Copy

Edit

import asyncio

from playwright.async_api import async_playwright


JWT_TOKEN = "your.jwt.token"


async def run():

    async with async_playwright() as p:

        browser = await p.chromium.launch(headless=False)

        context = await browser.new_context()


        page = await context.new_page()


        await page.add_init_script(f"""

            window.localStorage.setItem('auth_token', '{JWT_TOKEN}');

        """)


        await page.goto("https://your-app.com/dashboard")

        await asyncio.sleep(3)

        await browser.close()


asyncio.run(run())

✅ Tips for JWT Testing

Use a mock or test environment that accepts a test JWT or exposes a login API.


If JWT is stored in cookies, you can set them manually using:


ts

Copy

Edit

context.addCookies([{ name: 'token', value: 'abc', domain: 'your-app.com' }])

Avoid hardcoding JWTs that expire quickly — consider using test tokens with long TTLs or regenerating them via API.


Use Playwright's storage state to avoid repeating login flows.


✅ Conclusion

Playwright offers flexible ways to test JWT-based authentication:


Use the UI flow + storage state for full E2E coverage.


Use JWT injection into localStorage for fast, repeatable access to protected routes.


Choose the approach based on your test coverage goals, speed, and realism.

Learn Playwright Training Course in Hyderabad

Read More

Component Testing with Playwright

Accessibility Testing with Playwright

Multi-Tab Testing in Playwright

Testing Shadow DOM Elements with Playwright

Visit Our IHUB Talent Training Institute in Hyderabad

Get Directions

Comments

Post a Comment

Popular posts from this blog

How to Install and Set Up Selenium in Python (Step-by-Step)

 Here’s your step-by-step guide to installing and setting up Selenium in Python — perfect if you're just getting started with browser automation. ๐Ÿš€ ๐Ÿ Step 1: Install Python If you haven’t already: Download Python: https://www.python.org/downloads/ Make sure to check the box "Add Python to PATH" during installation Verify installation: bash Copy Edit python --version pip --version ๐Ÿ“ฆ Step 2: Install Selenium Library Open your terminal or command prompt and run: bash Copy Edit pip install selenium To verify: bash Copy Edit pip show selenium ๐ŸŒ Step 3: Download WebDriver for Your Browser Depending on what browser you want to automate: ๐Ÿ”น Chrome: Download ChromeDriver: ➡️ https://sites.google.com/chromium.org/driver/ Make sure the driver version matches your installed Chrome version. ๐Ÿ”น Firefox: Download GeckoDriver: ➡️ https://github.com/mozilla/geckodriver/releases Unzip and place the executable somewhere on your system, like: Windows: C:\WebDrivers\ Mac/Linux: /usr/local...
Read more

Tosca for API Testing: A Step-by-Step Tutorial

Tosca for API Testing: A Step-by-Step Tutorial Tricentis Tosca is a powerful and user-friendly test automation tool that supports a wide range of testing types — including API testing. With Tosca, you can easily design, automate, and execute API tests without writing any code. It supports REST, SOAP, and other service types, making it a great choice for end-to-end API validation. ๐Ÿงฐ What is Tosca API Testing? Tosca’s API testing allows testers to: Send requests (GET, POST, PUT, DELETE, etc.) Validate responses (status codes, body, headers) Chain requests and share data between them Perform security, load, and functional tests on APIs ✅ Step-by-Step Guide: Tosca API Testing ๐Ÿ”น Step 1: Open Tosca and Create a Workspace Launch Tosca Commander Create a new workspace (or open an existing one) Choose the workspace type as Multi-user or Single-user based on your setup ๐Ÿ”น Step 2: Add a New API Test Case Navigate to the Modules section. Right-click and choose Scan > API Scan. The API Scan wi...
Read more

Waits in Playwright: Explicit, Implicit, and Auto

 In Playwright (a powerful end-to-end testing framework), waiting mechanisms help ensure your scripts interact with elements only when they’re ready. Playwright handles waits more intelligently than older tools like Selenium, but understanding the types of waits—Explicit, Implicit, and Auto-waiting—is key for writing reliable tests. ๐Ÿ•ฐ️ Waits in Playwright: Explicit, Implicit, and Auto ✅ 1. Auto-Waiting (Built-in) – Playwright’s Default Behavior What it is: Playwright automatically waits for elements to be actionable before performing actions (like click, type, fill, etc.). This is its most powerful feature. How it works: Waits for the element to be attached to the DOM Waits for the element to be visible Waits for the element to be enabled (not disabled) Waits for stable animation or layout Example: python Copy Edit await page.click('#submit-button') No need for a separate wait — Playwright will wait until the button is ready. Benefits: Reduces the need for manual waits More re...
Read more