This section tests authentication from the creation of the OAuth link to the validation of the token.

| Test case | Task(s) | Expected result(s) |
| --- | --- | --- |
| Successful creation of OAuth link | Direct end-user to the Mikomo login. | Consumer goes from your app to the provider login screen. |
| Valid login | Go through Akoya’s authentication flow and reach the account selection screen. | Successfully arrive at the account selection screen displaying all the user’s accounts. |
| Successful account selection | Select the desired financial accounts. | Consumer’s accounts are selected without error. |
| Successful redirect to expected redirect_uri | The app/browser takes user to the success page. | Successfully arrive at your app’s redirect URI. |
| Successful retrieval of authentication code | Store the authentication code. | Authentication code is used for next step, retrieving tokens. |
| Successful token validation | Use the Token endpoint to request refresh and ID tokens. | Valid refresh_token and id_token tokens are returned. These tokens are associated with the Mikomo consumer who logged in and the specified sandbox app, provider (Mikomo), and selected accounts. |

| Test case | Task(s) | Expected result(s) |
| --- | --- | --- |
| Login failure (invalid connector) | Provide an invalid providerId in the auth URL for connector. | HTTP 400: Bad Request |
| Login failure (no connector) | Provide connector without a value. | HTTP 403: Forbidden. Possible: HTTP 200: OK. When this occurs, an Akoya login screen may appear and will not be usable for your consumer. |
| Login failure (invalid redirect_uri) | 1. Provide an empty redirect_uri. 2. Provide an incorrect redirect_uri. | (Both tasks): HTTP 400: Bad Request |
| Login failure (invalid client_id) | 1. Provide an empty client_id. 2. Provide an incorrect client_id. | (Both tasks): HTTP 400: Bad Request |
| Login failure (invalid response_type) | Provide an empty response_type. | HTTP 403: Forbidden or HTTP 200: OK with error parameter in URL: <your redirect_uri>callback?error=invalid_requests |
| Login failure (invalid scope) | 1. Provide an empty scope. 2. scope missing openid. | HTTP 403: Forbidden or HTTP 200: OK with error parameter in URL: <your redirect_uri>callback?error=invalid_scope |
| Login failure (invalid scope) | scope missing offline_access. | Consumer login will be successful. Initial token endpoint response will be missing refresh_token. |
| Login failure (incorrect username/password) | Enter incorrect user credentials. | HTTP 401: Unauthorized. Receive an error message in the UI that the end-user’s username and/or password is incorrect. |
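
The failure cases above whose outcome is visible in the HTTP status or the final URL can be driven from a small matrix. This is an added example, not Akoya's code: `AUTH_URL`, the sample parameter values, and the helper names are placeholders, and sending the requests and capturing the final status and URL is left to your own HTTP client.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_URL = "https://idp.example.invalid/auth"  # placeholder, not the real auth endpoint
VALID = {  # constructed sample values for a known-good request
    "connector": "mikomo",
    "client_id": "sample-client-id",
    "redirect_uri": "https://app.example.invalid/callback",
    "response_type": "code",
    "scope": "openid offline_access",
}

# (case name, parameter overrides, accepted HTTP statuses,
#  error value accepted in the callback URL when the status is 200)
CASES = [
    ("invalid connector", {"connector": "no-such-provider"}, {400}, None),
    ("empty redirect_uri", {"redirect_uri": ""}, {400}, None),
    ("incorrect redirect_uri", {"redirect_uri": "https://wrong.example.invalid/cb"}, {400}, None),
    ("empty client_id", {"client_id": ""}, {400}, None),
    ("incorrect client_id", {"client_id": "wrong-client-id"}, {400}, None),
    ("empty response_type", {"response_type": ""}, {403}, "invalid_requests"),
    ("empty scope", {"scope": ""}, {403}, "invalid_scope"),
    ("scope missing openid", {"scope": "offline_access"}, {403}, "invalid_scope"),
]

def build_url(overrides):
    """Build the auth URL for one case: the valid parameters with one field changed."""
    return AUTH_URL + "?" + urlencode({**VALID, **overrides})

def check(case, status, final_url):
    """Return True if the observed status and final URL match the expected result."""
    _, _, statuses, error = case
    if status in statuses:
        return True
    # Some rows also accept HTTP 200 when the callback URL carries a specific error value.
    if status == 200 and error is not None:
        query = parse_qs(urlsplit(final_url).query)
        return query.get("error") == [error]
    return False
```

The no-connector, missing offline_access, and incorrect-credentials rows are not in the matrix because their expected results depend on the login UI or the token response rather than on the status code alone.
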

| Date | Update |
| --- | --- |
| 2025-Jun-09 | UAT changes implemented |
| 2025-Jan-02 | Original |