Test User Management
Descope supports the ability to test end-to-end authentication via test users. Test users can be used to test OTP via email, SMS, or voice, Magic Link via email or SMS, and Enchanted Link via email. Utilizing test users, you can generate OTP codes and Magic or Enchanted link tokens for test users directly without integrating with SMS, voice, or email through the Descope API and SDK. Once you have the generated code and token, you will verify them with the related OTP, Magic Link, or Enchanted Link verification functions in the SDK or API.
Test users are not audited, counted as active users, or monitored within your analytics.
Creating Test Users
Descope API or SDK
Test users can be generated via the management SDK's create test user function or by the management API
create user function. When creating the test user via the API, you must ensure you pass the
test=true
attribute.
Dynamic Test User creation
Descope allows you to dynamically create test users based on a configured email address regex. This allows you to test your just-in-time user creation during the sign-up-or-in process within your flows or other testing. When the email matches this regex, the user will be created as a test user. You can configure and test this regext within the Test Users section within the Project Settings area of the Descope console.
After the user initiates the authentication process as a dynamic test user, the same SDK and API endpoints for generating OTP, magic links, etc. for test users, are still applicable to the dynamically created test user.
Note
It is essential to monitor and clean up your dynamic test users as it could quickly reach the Test User Limits.
Test User in User Management
Once the test users have been created, they can be viewed in the users table in the Descope console. A column "Is Test User" is part of the table where you can see the label against test users.
Descopers can also use advance filter option to view the test user with the condition as shown below. This will help list out all existing test users in the table.
Test User Verifiers
When utilizing test users for MFA, it is recommended to generate OTP codes for flows involving email or phone OTP. In scenarios where access to a test user's email or phone is unavailable, you can set static OTP codes for test users that match a regex pattern.
In the Project Settings under Test User, you can enable Static OTP codes. The regex pattern is tested against the verifier to help narrow the access to static codes. Note that a warning will appear when enabling Static OTP codes.
This is an insecure method and is only recommended when generated OTP codes are not viable for testing. Therefore, this setting is ignored during imports and exports and is excluded from production environments.
Test User Limits
Free tier plans are limited to 5 test users per project. Pro-tier plans allow for 100 test users per project. Learn more about upgrading your tier within our pricing overview.
When the maximum number of test users has been reached, the user will be presented with the below error:
Test User JWT
When utilizing test users, their JWT can be identified by the "tu": true
immutable claim.