Account creation for automated testing
Trimble Identity needs to implement bot control. Bot control will impede automated testing efforts.
To accommodate automated user testing, we will provide a non-bot controlled sign-in page specific to automation accounts. You request automation accounts via Trimble Identity’s support team.
This functionality is not available to external customers.
To request a testing automation account, please open a support request.
This article assumes a comprehensive understanding of the OAuth 2.0 authorization code workflow. For more information about grants in Trimble Identity, please refer to the documentation.
For rollout timelines and other questions, see FAQ.
Design
Section titled “Design”We already support the concept of a “federation.” Federations enable end users to sign in using existing accounts, such as “Sign in with Google.” Often these federations are business-to-business configurations that allow our partner organizations’ users to sign in with their credentials. To target a federated sign-in, the authorized request must contain an Identity_provider parameter in the query string.
To support automated testing efforts while keeping Trimble Identity secure from bots and scripted attacks, we will leverage our federations to provide an automation-testing-only federated identity. This federation will only include accounts with a presently fake @trimbleautomation.com domain.
The federated sign in page will not have any bot-control enabled. This will allow current automation testing to continue functioning similarly to the current approach.
We can isolate automation accounts from regular user accounts by maintaining test account credentials in a different user pool. Automation accounts must be requested via support; thus, Trimble Identity controls password length and complexity. No self-service options exist for managing automation accounts.
Logging into the automation user pool
Section titled “Logging into the automation user pool”Once a test automation user’s username and password are acquired, calls to the /oauth/authorize endpoint can target the automation user pool login by adding identity_provider=trimble_automation to the query string.
Only preconfigured test accounts can be used to sign in. Other Trimble Identity user credentials will not authenticate.
Any frameworks which work against Trimble Identity should continue to work for automation testing.
The test automation suite will start up a headless browser so it is recommended that the browser be opened to its maximum size for easier navigation.
Firefox
Section titled “Firefox”driver.maximize_window()Chrome
Section titled “Chrome”options = webdriver.ChromeOptions()options.add_argument("--start-maximized")The automation sign-in page will have two forms which contain:
- A username form element with the ID
signInFormUsername - A password form element with the ID
signInFormPassword - A button form element with the ID
signInSubmitButton
The two forms are available in DOM and its visibility is resolved using viewport breakpoints
The following Python snippets reflect logging into the automation user pool:
username_input = driver.find_element(by='id', value='signInFormUsername')password_input = driver.find_element(by='id', value='signInFormPassword')submit = driver.find_element(by='name',value='signInSubmitButton')
username_input.send_keys(automation_username)password_input.send_keys(automation_password)
submit.click()If the code is run in a headless client, the webdriver fails in identifying the element by id. We recommend using xpath in such cases to run the script.
index = 1 if driver.get_window_size().get('width') < 992 else 2# The index is set based on the viewport where value is resolved as 1 for modes extra-small and small; and as 2 for modes medium
username_input = driver.find_element(b y='xpath', value='(//input[@id="signInFormUsername"])['+ str(index) +']')password_input = driver.find_element(by='xpath', value='(//input[@id="signInFormPassword"])['+ str(index) +']')submit = driver.find_element(by='xpath',value='(//input[@name="signInSubmitButton"])['+ str(index) +']')
username_input.send_keys(automation_username)password_input.send_keys(automation_password)
submit.click()Managed users functionality
Section titled “Managed users functionality”It is possible to do sign-in test automation for managed users as well as normal users. Use all of the steps listed above for normal users with the following differences:
-
When calling the
/oauth/authorizeendpoint, use the following query parameters:auth_workflow=managed_useridentity_provider=trimbleautomation_managed_user
-
The user name you should inject into the
signInFormUsernamemust contain the following pattern:trimbleautomation_com.{preferred_username}, wherepreferred_usernameis a managed user you have registered with the Trimble Identity team. -
The password you should inject is the one that the Trimble Identity team provides you for the managed user.
Updating current automation tests
Section titled “Updating current automation tests”-
Obtain a test automation account.
-
Navigate to the support page.
-
Create a new support ticket
- Subject: Trimble Identity Test Automation Account
- Description: Please provide the following Username for the automation account–username only, alphanumerics and special characters _ .- + [] <> Provide the application IDs this account is going to be testing Provide a short description of the use case
- Support Category: Trimble Cloud Core Platform - Cloud Core Platform - Trimble Identity
-
-
The support team will provide a presigned download link for the test automation account credentials
-
Update the
/oauth/authorizeURL used by the testing harness to includeidentity_provider=trimble_automationin the query string -
Target the username form input with ID
signInFormUsername. -
Target the password form input with ID
signInFormPassword. -
Click the button with ID
signInSubmitButton.
Limitations
Section titled “Limitations”We will not be enabling a method for circumventing bot control when creating new accounts. At this time, we do not offer a “token API.” A UI/headless browser implementation must be used to exchange a code from the /authorize endpoint.
See also
Section titled “See also”A C# SDK that automates Trimble Identity authentication using a headless Chrome browser, enabling token retrieval without manual login. Refer to the documentation for more info.