Supertest, test secure REST API

Question

I am writing an integration test for a REST API protected by a jwt. One API operation POST /user/token is returning a jwt given a us

Answer 1

You want to perform single POST to /user/token and then use the token received in every test case? If so, then use the before hook of the test framework you are using (Mocha?) and store the token to a variable, e.g.

describe('My API tests', function() {

  var token = null;

  before(function(done) {
    request(url)
      .post('/user/token')
      .send({ _id: user1._id, password: user1.password })
      .end(function(err, res) {
        token = res.body.token; // Or something
        done();
      });
  });

  it('should get a valid token for user: user1', function(done) { 
    request('/get/user')
      .set('Authorization', 'Bearer ' + token)
      .expect(200, done);
  });
});

Answer 2

Need to set Authorization as 'Bearer ' + token

 var token = null;

 before(function(done) {
    request(url)
      .post('/user/token')
      .send({ _id: user1._id, password: user1.password })
      .end(function(err, res) {
        token = res.body.token; // Or something
        done();
      });
  });


 it('should get a valid token for user: user1', function(done) { 
    request('/get/user')
      .set('Authorization', 'Bearer ' + token)
      .expect(200, done);
  });