We try to load user profiles in a Node.JS backend via Google Oauth and login button.
Google Button login works correctly, the given access token credential is sent to the backend and google-auth-library's client.verifyIdToken decodes the data correctly, and all the fields are there for the given scopes:
https://www.googleapis.com/auth/userinfo.emailhttps://www.googleapis.com/auth/userinfo.profile
But when testing in Cypress with we can't click the login button and authenticate the user so we do the following:
- Created a
refresh_tokenin Google Oauth Playground for the given test user
Then for each test case runs:
Called
https://oauth2.googleapis.com/tokenwith the following body:- client_id
- client_secret
- grant_type:
refresh_token - refresh_token
Sent the
access_tokenfrom the response the same way as the google button login to the backend
For some of the first requests it works, after that the name stops apperaing in the decoded payload by google-auth-library's client.verifyIdToken. (And using the access token in https://www.googleapis.com/oauth2/v3/userinfo it returns the name field.)
Why is this happenning, are we missing on something, or should we do something in a different way to simulate user logins in cypress? If possible we don't want to add an extra /v3/userinfo call on the backend because the button login works without that.
We tried with different /token endpoints, or adding openid or other scopes too to the refresh token, but none of them worked.
