Testing IS-10 Authorization
When testing IS-10 / BCP-003-02 implementations, there are a number of configuration parameters which need to be set
correctly to match your environment.
ENABLE_AUTH should be set to
True, then each of the parameters which begins
AUTH_ should be considered to ensure it is set correctly.
Each of the specification test suites can be run in authorized mode where applicable. When this is enabled, every request which is made
by the testing tool will include a JSON Web Token which should grant is access to the API. If you receive authorization errors then this may indicate an issue with the implementation or a configuration error in the testing tool.
Test suites which include ‘mocks’, most notably the IS-04 Node tests (which include a mock registry) also require valid
authorization tokens to be presented to them when
ENABLE_AUTH is used.
Note that whilst the testing tool does not prevent authorization testing from being carried out with
turned off, this is for debugging purposes only. Production environments must never use authorization without TLS, and
must never share their token generation keys with this testing tool.