Testing Library
Mock providers, test tokens, webhook payloads, and Playwright/Cypress helpers for Wocha auth.
@wocha/testing helps you test Wocha integrations without hitting the hosted login flow. Mock React auth state in component tests, inject encrypted session cookies for Next.js E2E tests, and generate signed webhook payloads for handler testing.
Installation
Add as a dev dependency:
pnpm add -D @wocha/testingnpx @wocha/cli init --framework nextjsOptional peers:
@wocha/react— required forMockWochaProvider@wocha/nextjs— session cookies match its encryption format- Playwright or Cypress — use framework-specific subpath imports
Mock providers
MockWochaProvider is a drop-in replacement for WochaProvider from @wocha/react. It wires the same context so hooks like useSession, useOrg, and usePermission work without OAuth.
Props: session, user, org, isLoading, isAuthenticated, error, config — all optional partial overrides.
Mock data factories
Factories accept partial overrides and generate realistic IDs by default. Use createTestSession() when you need a full StoredSession shape for cookie encryption tests.
Test tokens
Generate fake JWTs and encrypted session cookies for integration tests without a live OAuth flow.
Low-level API
Important: Pass the same secret your app uses (WOCHA_CLIENT_SECRET or WOCHA_COOKIE_SECRET / sessionSecret in createWochaHandler).
Environment variables
| Variable | Purpose |
|---|---|
WOCHA_TEST_TOKEN_SECRET | HS256 secret for test access tokens (default: built-in test secret) |
WOCHA_COOKIE_SECRET / WOCHA_CLIENT_SECRET | Session cookie encryption (must match your app) |
WOCHA_WEBHOOK_SECRET | Webhook signing secret for payload generator |
Webhook payloads
Generate signed webhook payloads compatible with @wocha/sdk/webhooks verification:
Supported event types include user.created, user.updated, session.created, session.revoked, organisation.created, organisation.member_added, connection.created, application.created, and more. Import WEBHOOK_EVENT_TYPES for the full list of types supported by the test generator:
Verify in tests:
Or use the production SDK verifier:
Playwright integration
@wocha/nextjs stores sessions in an encrypted greet_session cookie. The Playwright helper sets a valid cookie so middleware and server components see an authenticated user.
Pass a BrowserContext instead of a Page to share auth state across tests:
Cypress integration
Register the custom command in cypress/support/e2e.ts:
Use in specs:
Testing patterns
Unit test (React component)
Integration test (webhook handler)
E2E test (Next.js + Playwright)
Package exports
| Import | Use case |
|---|---|
@wocha/testing | Mock provider, factories, tokens, webhooks, WEBHOOK_EVENT_TYPES |
@wocha/testing/playwright | setupGreetTestingToken(page | context, options) |
@wocha/testing/cypress | registerGreetTestingCommands(), cy.greetSignIn() |
Security note
Testing tokens and default secrets are for local and CI test environments only. Never enable test token generation in production. Use dedicated test tenants and rotate secrets if they are ever committed to source control.
Learn more
- CLI webhook commands —
wocha webhook listenandwocha webhook test - Webhooks overview
- Next.js SDK