JWT Auth flow

Name: DevTools
Author: DevTools

This flow logs in, captures a JWT from the response, and uses it in a follow-up request. Use it for smoke tests and regression checks where auth is the first step.

Required env vars

LOGIN_EMAIL (CI secret)
LOGIN_PASSWORD (CI secret)

How to run it

devtools flow run jwt-auth.yaml

TODO:

Add a screenshot of the successful login + profile request in Studio.
Short clip of running devtools flow run jwt-auth.yaml in CI.

# jwt-auth.yaml
version: 1
name: JWT login and use
env:
  API_BASE: https://api.example.com
  LOGIN_EMAIL: {{#env:LOGIN_EMAIL}}
  LOGIN_PASSWORD: {{#env:LOGIN_PASSWORD}}

requests:
  - id: auth_login
    name: Login
    method: POST
    url: {{ env.API_BASE }}/login
    body:
      json:
        email: {{ env.LOGIN_EMAIL }}
        password: {{ env.LOGIN_PASSWORD }}
    expect:
      - status: 200

  - id: get_profile
    name: Get profile
    method: GET
    url: {{ env.API_BASE }}/me
    headers:
      Authorization: Bearer {{ auth_login.response.body.token }}
    expect:
      - status: 200

What to change

Base URL: env.API_BASE to your API.
Endpoints: /login and /me.
Token path: auth_login.response.body.token to match your response.
Assertions: add body schema checks or key presence assertions.

Common variations

Refresh token flow and token renewal.
Handle expired tokens (expect 401 → re-login).
Pagination when fetching user-related lists.
Retries with backoff for flaky endpoints.

JWT Auth flow

Required env vars

How to run it

What to change

Common variations

Links